Table of contents
TOC
Collapse the table of content
Expand the table of content

Windows Defender Events

Corey Plett|Last Updated: 11/16/2016

Applies To: Windows Server 2016

Windows Defender Events

EventIDSymbolDescription
2000MALWAREPROTECTION_SIGNATURE_UPDATEDThe antimalware definitions updated successfully.
2001MALWAREPROTECTION_SIGNATURE_UPDATE_FAILEDThe antimalware definition update failed.
2002MALWAREPROTECTION_ENGINE_UPDATEDThe antimalware engine updated successfully.
2003MALWAREPROTECTION_ENGINE_UPDATE_FAILEDThe antimalware engine update failed.
2004MALWAREPROTECTION_SIGNATURE_REVERSIONThere was a problem loading antimalware definitions. The antimalware engine will attempt to load the last-known good set of definitions.
2005MALWAREPROTECTION_ENGINE_UPDATE_PLATFORMOUTOFDATEThe antimalware engine failed to load because the antimalware platform is out of date. The antimalware platform will load the last-known good antimalware engine and attempt to update.
2006MALWAREPROTECTION_PLATFORM_UPDATE_FAILEDThe platform update failed.
2007MALWAREPROTECTION_PLATFORM_ALMOSTOUTOFDATEThe platform will soon be out of date. Download the latest platform to maintain up-to-date protection.
2010MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATEDThe antimalware engine used the Dynamic Signature Service to get additional definitions.
2011MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETEDThe Dynamic Signature Service deleted the out-of-date dynamic definitions.
2012MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATE_FAILEDThe antimalware engine encountered an error when trying to use the Dynamic Signature Service.
2013MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED_ALLThe Dynamic Signature Service deleted all dynamic definitions.
2020MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOADEDThe antimalware engine downloaded a clean file.
2021MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOAD_FAILEDThe antimalware engine failed to download a clean file.
2030MALWAREPROTECTION_OFFLINE_SCAN_INSTALLEDThe antimalware engine was downloaded and is configured to run offline on the next system restart.
2031MALWAREPROTECTION_OFFLINE_SCAN_INSTALL_FAILEDThe antimalware engine was unable to download and configure an offline scan.
2040MALWAREPROTECTION_OS_EXPIRINGAntimalware support for this operating system version will soon end.
2041MALWAREPROTECTION_OS_EOLAntimalware support for this operating system has ended. You must upgrade the operating system for continued support.
2042MALWAREPROTECTION_PROTECTION_EOLThe antimalware engine no longer supports this operating system, and is no longer protecting your system from malware.
1000MALWAREPROTECTION_SCAN_STARTEDAn antimalware scan started.
1001MALWAREPROTECTION_SCAN_COMPLETEDAn antimalware scan finished.
1002MALWAREPROTECTION_SCAN_CANCELLEDAn antimalware scan was stopped before it finished.
1003MALWAREPROTECTION_SCAN_PAUSEDAn antimalware scan was paused.
1004MALWAREPROTECTION_SCAN_RESUMEDAn antimalware scan was resumed.
1005MALWAREPROTECTION_SCAN_FAILEDAn antimalware scan failed.
1006MALWAREPROTECTION_MALWARE_DETECTEDThe antimalware engine found malware or other potentially unwanted software.
1007MALWAREPROTECTION_MALWARE_ACTION_TAKENThe antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
1008MALWAREPROTECTION_MALWARE_ACTION_FAILEDThe antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.
1009MALWAREPROTECTION_QUARANTINE_RESTOREThe antimalware platform restored an item from quarantine.
1010MALWAREPROTECTION_QUARANTINE_RESTORE_FAILEDThe antimalware platform could not restore an item from quarantine.
1011MALWAREPROTECTION_QUARANTINE_DELETEThe antimalware platform deleted an item from quarantine.
1012MALWAREPROTECTION_QUARANTINE_DELETE_FAILEDThe antimalware platform could not delete an item from quarantine.
1013MALWAREPROTECTION_MALWARE_HISTORY_DELETEThe antimalware platform deleted history of malware and other potentially unwanted software.
1014MALWAREPROTECTION_MALWARE_HISTORY_DELETE_FAILEDThe antimalware platform could not delete history of malware and other potentially unwanted software.
1015MALWAREPROTECTION_BEHAVIOR_DETECTEDThe antimalware platform detected suspicious behavior.
1116MALWAREPROTECTION_STATE_MALWARE_DETECTEDThe antimalware platform detected malware or other potentially unwanted software.
1117MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKENThe antimalware platform performed an action to protect your system from malware or other potentially unwanted software
1118MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILEDThe antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.
1119MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILEDThe antimalware platform encountered a critical error when trying to take action on malware or other potentially unwanted software. There are more details in the event message.
1150MALWAREPROTECTION_SERVICE_HEALTHYIf your antimalware platform reports status to a monitoring platform, this event indicates that the antimalware platform is running and in a healthy state.
3002MALWAREPROTECTION_RTP_FEATURE_FAILUREReal-time protection encountered an error and failed.
3007MALWAREPROTECTION_RTP_FEATURE_RECOVEREDReal-time protection recovered from a failure. We recommend running a full system scan when you see this error.
5000MALWAREPROTECTION_RTP_ENABLEDReal-time protection is enabled.
5001MALWAREPROTECTION_RTP_DISABLEDReal-time protection is disabled.
5004MALWAREPROTECTION_RTP_FEATURE_CONFIGUREDThe real-time protection configuration changed.
5007MALWAREPROTECTION_CONFIG_CHANGEDThe antimalware platform configuration changed.
5008MALWAREPROTECTION_ENGINE_FAILUREThe antimalware engine encountered an error and failed.
5009MALWAREPROTECTION_ANTISPYWARE_ENABLEDScanning for malware and other potentially unwanted software is enabled.
5010MALWAREPROTECTION_ANTISPYWARE_DISABLEDScanning for malware and other potentially unwanted software is disabled.
5011MALWAREPROTECTION_ANTIVIRUS_ENABLEDScanning for viruses is enabled.
5012MALWAREPROTECTION_ANTIVIRUS_DISABLEDScanning for viruses is disabled.
5100MALWAREPROTECTION_EXPIRATION_WARNING_STATEThe antimalware platform will expire soon.
5101MALWAREPROTECTION_DISABLED_EXPIRED_STATEThe antimalware platform is expired.
© 2017 Microsoft