Monitoring Windows Defender with prtg

Until now, I haven't found a satisfying solution. Task:

- monitoring Defender on clients and servers
- detect and report infections
- status (activated, last update and so on)

The PRTG sensor for Security Center is useless, as it does not report an infection; beyond that, on servers there is no Security Center.

What would be a good approach?

client infection prtg server windows-defender

Created on Mar 10, 2020 11:06:51 AM by  NoMail (0) 1



6 Replies

Hi NoMail,

If the WMI Security Center Sensor does not fit your requirements, we have no other native Sensor available.
However, we have multiple Custom Sensors which you can use. For example the EXE/Script Sensor. The EXE/Script sensor runs an executable file (.exe, .dll) or a script (batch file, VBScript, PowerShell) on the probe system. This option is provided as part of the PRTG API.

Created on Mar 10, 2020 12:28:16 PM by  Moritz Heller [Paessler Support]



Hi, I created a module for a new function, but it is not loaded:

"Antwort nicht wohlgeformt: "(import-module : Das angegebene Modul "Get-AntiMalwareInfection" wurde nicht geladen, da in keinem Modulverzeichnis eine gültige Moduldatei gefunden wurde."

I tried it with and without complete path (windows module standard path) - no luck...

Created on Mar 10, 2020 6:39:24 PM by  NoMail (0) 1



OK, I placed a module under 32-bit PS - the function is executed so far.

So this script for requesting Defender status of all active servers works so far, but a working sensor with alarm in PRTG would be great now. Defender without centralised logging is really useless.

I wonder which values to use - I get "Externes Programm lieferte keinen Rückgabewert (Code: PE087)"

So the function returns several infos:

Host : {COMP1, COMP1}
Bereinigung erfolgreich : {True, False}
Virus Info : {file:_C:\Users\nico\AppData\Local\Temp\AppDownloader.exe, file:_
fs\install\@GMT-2020.03.09-06.00.04\apps\Daemon tools\DTLiteInstaller W10 7.exe}
Prozess : {C:\Temp\DTLiteInstaller W10 7 - PUATest.exe, C:\Windows\explorer.exe}
ThreatStatusID Aktion : {4, 103}
aktueller Status (1 ist sicher) : {1, 1}

Should I use XML sensor instead?

Created on Mar 10, 2020 7:22:14 PM by  NoMail (0) 1



Hi NoMail,

Thank you for the update.

Please note that the output needs to be in a certain format so that PRTG is able to understand it. If you use the EXE/Script Sensor, you need this format.
If you use the EXE/Script Advanced Sensor, you need the format listed below "Advanced Script, HTTP Data, and REST Custom Sensors".

Created on Mar 11, 2020 12:57:16 PM by  Moritz Heller [Paessler Support]
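
One way to produce the EXE/Script Advanced Sensor format for the Defender data discussed in this thread, as an added example that is not code from the thread or from Paessler. The `-ComputerName` and `-Demo` parameters, the channel names and the limit values are assumptions; `Get-MpComputerStatus` and `Get-MpThreatDetection` are the Defender module's own cmdlets.

```powershell
# Added example (not from the thread): EXE/Script Advanced sensor for Defender.
# Assumptions: PRTG passes the device as -ComputerName (e.g. %host); the probe's
# PowerShell host can load the Defender cmdlets and reach the target via CIM/WinRM.
param([string]$ComputerName = $env:COMPUTERNAME, [switch]$Demo)

function New-PrtgResult([string]$Channel, [int]$Value, [string]$Extra = '') {
    "<result><channel>$Channel</channel><value>$Value</value>$Extra</result>"
}

function ConvertTo-PrtgXml($Status, $Detections, [string]$Target) {
    $all  = @($Detections | Where-Object { $_ })            # drop null entries
    # A detection counts as open when its remediation action did not succeed.
    $open = @($all | Where-Object { -not $_.ActionSuccess })
    $rtpOff = [int](-not $Status.RealTimeProtectionEnabled)
    # Upper error limit 0: any non-zero value puts the channel into Down status.
    $alarm = '<LimitMode>1</LimitMode><LimitMaxError>0</LimitMaxError>'
    $age   = '<Unit>Custom</Unit><CustomUnit>days</CustomUnit>' +
             '<LimitMode>1</LimitMode><LimitMaxWarning>2</LimitMaxWarning>'
    $rows = @(
        New-PrtgResult 'Unremediated detections' $open.Count $alarm
        New-PrtgResult 'Detections in history' $all.Count
        New-PrtgResult 'Real-time protection disabled' $rtpOff $alarm
        New-PrtgResult 'Signature age' $Status.AntivirusSignatureAge $age
    ) -join ''
    $text = [System.Security.SecurityElement]::Escape(
        "$($open.Count) unremediated detection(s) on $Target")
    "<prtg>$rows<text>$text</text></prtg>"
}

try {
    if ($Demo) {
        # Constructed sample mirroring the thread's output: one cleaned, one not.
        $status = [pscustomobject]@{ RealTimeProtectionEnabled = $true; AntivirusSignatureAge = 0 }
        $found  = @([pscustomobject]@{ ActionSuccess = $true },
                    [pscustomobject]@{ ActionSuccess = $false })
    } else {
        $cim    = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
        $status = Get-MpComputerStatus -CimSession $cim -ErrorAction Stop
        $found  = @(Get-MpThreatDetection -CimSession $cim -ErrorAction Stop)
    }
    ConvertTo-PrtgXml $status $found $ComputerName
} catch {
    # Reply in sensor format even on failure, so PRTG shows the reason.
    $msg = [System.Security.SecurityElement]::Escape($_.Exception.Message)
    "<prtg><error>1</error><text>$msg</text></prtg>"
} finally {
    if ($cim) { Remove-CimSession $cim }
}
```

Running the script with `-Demo` prints the XML for the constructed sample without touching Defender. PRTG reads the limit tags only when a channel is first created, so later changes to thresholds are made in the channel settings.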



I'd support a feature request for native sensors on Windows Defender for Server.

Created on Apr 16, 2020 10:23:58 AM by  bsc (0)



Hi there,

If you want to create a feature request, please follow the steps described here: https://kb.paessler.com/en/topic/79245-how-can-i-propose-new-features-or-sensors-for-prtg

Created on Apr 16, 2020 1:03:15 PM by  Moritz Heller [Paessler Support]


