Defender Real-time Protection ON/OFF

I would like to monitor Windows Defender Real-time Protection and, if it is switched off, receive an alarm in PRTG. With WMI the parameters can be checked as follows:

Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender | Select-Object -Property ComputerID, BehaviorMonitorEnabled

ComputerID                           BehaviorMonitorEnabled
----------                           ----------------------
25002CAF-D265-4C1C-9CD0-EB32299A80DF True

How can this test be implemented in PRTG?

Thank you for the feedback

prtg smtp wmi

Created on Jan 6, 2022 10:34:06 AM



1 Reply

Hello,

Thank you for your message.

To monitor the status of the Windows Defender antivirus, you can use the native WMI Security Center sensor.

Otherwise, you can use a custom script with the EXE/Script or EXE/Script Advanced sensor, which will execute the WMI query on the target device and then return 0 or 1 according to the result obtained (false or true).

Please note that the script must return a response following a specific format, which you will find in this manual: https://www.paessler.com/manuals/prtg/custom_sensors

Afterwards, in PRTG you can use the default lookup file "prtg.standardlookups.yesno.stateyesok" or "prtg.standardlookups.yesno.statenook" for example to convert 0 and 1 to True and False again, with limits configured accordingly.

If you have questions, do not hesitate.

Regards.

Created on Jan 7, 2022 8:12:29 AM by  Florian Lesage [Paessler Support]
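
A sketch of the custom-script approach described in the reply, added here as an example; it is not part of the original thread and is not Paessler's code. It runs the WMI query from the question and prints `value:message` for the standard EXE/Script sensor, returning 1 or 0 for true or false so that one of the yes/no lookups can raise the alarm. The parameter names `ComputerName` and `Property` and the helper `Write-SensorResult` are hypothetical; `RealTimeProtectionEnabled` is another boolean property of the same class, offered next to the `BehaviorMonitorEnabled` property used in the question. A failed query is reported as a sensor error, never as "protection on".

```powershell
# Added example (not from the thread): custom sensor script for the PRTG EXE/Script sensor.
param(
    # Target device, e.g. passed via the sensor's Parameters field (assumed: -ComputerName %host)
    [string]$ComputerName = 'localhost',
    # Boolean property of MSFT_MpComputerStatus to report
    [ValidateSet('RealTimeProtectionEnabled', 'BehaviorMonitorEnabled')]
    [string]$Property = 'RealTimeProtectionEnabled'
)

# Hypothetical helper: print "value:message" on one line and set the sensor exit code
# (0 = OK, 2 = system error).
function Write-SensorResult {
    param([int]$Value, [string]$Message, [int]$ExitCode)
    $clean = $Message -replace '\s+', ' '   # keep the message on a single line
    Write-Output "${Value}:${clean}"
    exit $ExitCode
}

try {
    $query = @{
        ClassName   = 'MSFT_MpComputerStatus'
        Namespace   = 'root/microsoft/windows/defender'
        ErrorAction = 'Stop'                # turn query failures into catchable errors
    }
    # Only go over the network when the target is not the machine running the script
    if ($ComputerName -notin 'localhost', '.', $env:COMPUTERNAME) {
        $query.ComputerName = $ComputerName
    }
    $status = Get-CimInstance @query | Select-Object -First 1
}
catch {
    # Unreachable host, access denied, or Defender namespace missing: report an error
    # state instead of a value that could be read as "protection on".
    Write-SensorResult -Value 0 -Message "Query failed on ${ComputerName}: $($_.Exception.Message)" -ExitCode 2
}

if ($null -eq $status -or $null -eq $status.$Property) {
    Write-SensorResult -Value 0 -Message "$Property not reported by $ComputerName" -ExitCode 2
}

# 1 = enabled (true), 0 = disabled (false); the lookup on the channel decides the alarm state
$enabled = [bool]$status.$Property
Write-SensorResult -Value ([int]$enabled) -Message "$Property is $enabled on $ComputerName" -ExitCode 0
```

The script exits with 0 for both true and false so that the lookup and limits configured on the channel, not the script, determine when the sensor goes into an alarm state.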



