Forum Discussion

brunhuber
Copper Contributor
Jun 29, 2020
Solved

Windows Defender Malware alerts not shown in Security Center

Hi Everyone, This is my first post so please excuse me if I'm not on the right topic. I have 10 Windows Server 2016 servers in Azure that have Windows Defender installed on them and they are conf...
  • nawolfin
    Jul 01, 2020

    Hi brunhuber,

     

    First of all, welcome to our community :) Please always feel free to raise questions; this is what this community is for.

     

    To be able to test your scenario, please first validate whether you see ProtectionStatus events in your workspace.

    ProtectionStatus is the antimalware event type that ASC collects into the workspace and that ASC's Antimalware alerts are based on.

     

    To test if ProtectionStatus events are available, please run the following query via the "Logs" section in your Log Analytics workspace.

    ProtectionStatus
    | where TimeGenerated > ago(1d)
    | where ThreatStatusRank == 555
    | summarize count() by Computer
     
    When ProtectionStatusRank == 550, it indicates malware activity.
     
    The best way to test the integration with Antimalware is to run the EICAR file.
    Just save the EICAR content into a file on one of your connected VMs, and a couple of minutes later you should see an Antimalware alert in Azure Security Center.
     
    Thanks,
    Nadav.
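
A broader version of the validation step in the reply above, as an added example that is not part of nawolfin's post: it lists every machine that sends a heartbeat to the workspace and shows whether it also sends ProtectionStatus records, with the most recent status for each. It assumes the workspace collects the standard Heartbeat table and that ProtectionStatus carries its usual columns (ThreatStatus, Threat, ProtectionStatus, TypeofProtection) alongside the ThreatStatusRank and Computer columns used in the reply.

```kusto
// Added example: which connected machines report antimalware status at all?
// Run in the "Logs" section of the Log Analytics workspace.
let lookback = 1d;
Heartbeat
| where TimeGenerated > ago(lookback)
// One row per machine that is connected to the workspace
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| join kind=leftouter (
    ProtectionStatus
    | where TimeGenerated > ago(lookback)
    // Keep only the newest antimalware record for each machine
    | summarize arg_max(TimeGenerated, ThreatStatusRank, ThreatStatus, Threat,
                        ProtectionStatus, TypeofProtection) by Computer
    | project-rename LastProtectionEvent = TimeGenerated
  ) on Computer
// Machines with a heartbeat but no ProtectionStatus record have no match in the join
| extend ReportsProtectionStatus = isnotnull(LastProtectionEvent)
| project Computer, LastHeartbeat, ReportsProtectionStatus, LastProtectionEvent,
          TypeofProtection, ProtectionStatus, ThreatStatusRank, ThreatStatus, Threat
// Non-reporting machines first, since no alert can be raised for them
| order by ReportsProtectionStatus asc, Computer asc
```

Rows where ReportsProtectionStatus is false are machines the workspace hears from but that send no antimalware records, so an EICAR test on them cannot surface as an alert until collection is fixed.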