Export (0) Print
Expand All

Real-Time Protection Spyware Removal

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Windows Defender uses Real-Time Protection to examine auto-start extensibility points (ASEPs). If a change to one of these ASEPs is detected, Windows Defender will alert you. By default, Windows Defender monitors the following ASEPs: applications that are configured to automatically start when the computer starts up, system configuration settings, Internet Explorer Add-ons, Internet Explorer configuration settings, installed services, installed drivers, application registration, and Windows Add-ons.

When Windows Defender raises an alert, it takes the action specified in the definition that detected the spyware or other potentially unwanted software. If Windows Defender incorrectly identified legitimate software, you can allow it to run on the computer. If Windows Defender detected spyware or other potentially unwanted software, you should remove it.

Events

Event ID Source Message

3005

Microsoft-Windows-Windows Defender

%1 Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software.
For more information please see the following:
%15
%tScan ID:%b%3
%tUser:%b%8\%9
%tName:%b%11
%tID:%b%12
%tSeverity ID:%b%13
%tCategory ID:%b%14
%tAlert Type:%b%18
%tAction:%b%20

3006

Microsoft-Windows-Windows Defender

%1 Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
%15
%tScan ID:%b%3
%tUser:%b%8\%9
%tName:%b%11
%tID:%b%12
%tSeverity ID:%b%13
%tCategory ID:%b%14
%tPath:%b%16
%tAlert Type:%b%18
%tAction:%b%20
%tError Code:%b%21
%tError description:%b%22

Related Management Information

Windows Defender Real-Time Protection

Core Security

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft