Event ID 1009 — Microsoft Antimalware Engine Spyware Removal
Applies To: Windows Server 2008 R2
.jpg)
During a Windows Defender scan, the Microsoft Antimalware Engine quarantines or removes any spyware or potentially unwanted software detected on the computer. When spyware or other potentially unwanted software is quarantined, it is moved to an isolated folder on the computer.
As new definitions are released, items in quarantine can be scanned again to see if the spyware or other potentially unwanted software can be cleaned and released from quarantine. When spyware or other potentially unwanted software is removed, it is deleted from the computer.
Event Details
| Product: | Windows Operating System |
| ID: | 1009 |
| Source: | Microsoft-Windows-Windows Defender |
| Version: | 6.1 |
| Symbolic Name: | MALWAREPROTECTION_QUARANTINE_RESTORE |
| Message: | %1 has restored an item from quarantine. For more information please see the following: %15 %tName:%b%11 %tID:%b%12 %tSeverity ID:%b%13 %tCategory ID:%b%14 %tUser:%b%8\%9 |
Resolve
This is a normal condition. No further action is required.