What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

Monitoring Windows Defender with prtg



until yet, i didn't find a satisfying solution. Task:

- monitoring Defender on clients and server - detect and report infections - status (activated, last update and so on)

The prtg sensor for security center is useless, as far ist does not report an infection, beyond that, on servers there is no security center.

What would be a good approach?

client infection prtg server windows-defender

Created on Mar 10, 2020 11:06:51 AM

6 Replies



Hi NoMail,

If the WMI Security Center Sensor does not fit your requirements, we have no other native Sensor available.
However, we have multiple Custom Sensors which you can use. For example the EXE/Script Sensor. The EXE/Script sensor runs an executable file (.exe, .dll) or a script (batch file, VBScript, PowerShell) on the probe system. This option is provided as part of the PRTG API.

Created on Mar 10, 2020 12:28:16 PM by  Moritz Heller [Paessler Support]



Hi, I created a module for a new function, but it is not loaded:

"Antwort nicht wohlgeformt: "(import-module : Das angegebene Modul "Get-AntiMalwareInfection" wurde nicht geladen, da in keinem Modulverzeichnis eine gültige Moduldatei gefunden wurde."

I tried it with and without complete path (windows module standard path) - no luck...

Created on Mar 10, 2020 6:39:24 PM



ok, I placed a module under 32 Bit PS - the funkction is executed so far.

So this script for requesting Defender status of all active servers works so far, but a working sensor with alarm in PRTG would be great now. Defender without centralised logging is really useless.

I am wonder, which values to use - I get "Externes Programm lieferte keinen Rückgabewert (Code: PE087)"

So the function returns several infos:

Host : {COMP1, COMP1} Bereinigung erfolgreich : {True, False} Virus Info : {file:_C:\Users\nico\AppData\Local\Temp\AppDownloader.exe, file:_
fs\install\@GMT-2020.03.09-06.00.04\apps\Daemon tools\DTLiteInstaller W10 7.exe} Prozess : {C:\Temp\DTLiteInstaller W10 7 - PUATest.exe, C:\Windows\explorer.exe} ThreatStatusID Aktion : {4, 103} aktueller Status (1 ist sicher) : {1, 1}

Should I use XML sensor instead?

Created on Mar 10, 2020 7:22:14 PM



Hi NoMail,

Thank you for the update.

Please note that the output need to be in a certain format so that PRTG is able to understand it. If you use the EXE/Script Sensor, you need this format.
If you use the EXE/Script Advanced Sensor, you the format listed below "Advanced Script, HTTP Data, and REST Custom Sensors".

Created on Mar 11, 2020 12:57:16 PM by  Moritz Heller [Paessler Support]



I'd support a featue request for native sensors on Windows Defender for Server.

Created on Apr 16, 2020 10:23:58 AM



Hi there,

If you want to create a feature request, please follow the steps described here: https://kb.paessler.com/en/topic/79245-how-can-i-propose-new-features-or-sensors-for-prtg

Created on Apr 16, 2020 1:03:15 PM by  Moritz Heller [Paessler Support]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.