New Event Details in "Windows Defender > Operational" Log (Event Viewer)

Anonymous
2023-12-04T00:15:20+00:00

I've discovered that starting from the 29th of November, there is a new kind of event in Event Viewer > Applications and Services > Windows Defender > Operational.

Event 5007 is nothing new, that's like the most standard event you'll find in there, but the contents of some of these events on startup are new. It started on the 29th and they've never happened before that (the log goes as far down as April); I've tested it several times with Find.

This is the first event, and this one only happened on the 29th:

"Old value: HKLM\Software\Microsoft\WindowsDefender\Diagnostics\InitializingComponentProgress = Initialize Misc Config Library"

"New Value: HKLM\Software\Microsoft\WindowsDefender\Diagnostics\InitializingComponentProgress = PostPlatformUpdate"

Now these are the events that happened after this, and appear to occur on startup:

"Old Value: HKLM\Software\Microsoft\WindowsDefender\Diagnostics\InitializingComponentProgress = PostPlatformUpdate"

"New Value: HKLM\Software\Microsoft\WindowsDefender\Diagnostics\InitializingComponentProgress = Loading Engine"

"Old Value: HKLM\Software\Microsoft\WindowsDefender\Diagnostics\InitializingComponentProgress = Loading Engine"

"New Value: HKLM\Software\Microsoft\WindowsDefender\Diagnostics\InitializingComponentProgress = Service Started Successfully"

Is this normal? Why did this start on the 29th? The first instance does take place at the time of a Windows Defender Update.

The 'InitializeMiscConfigLibrary' event occurred at 4:35:30, and the other events listed above took place at 4:35:34, which is when Version 4.18.23110.3 of Windows Defender finished updating. The update began at 4:35:17.

If someone searches for any of those registry paths in their Windows Defender > Operational log with the Find button, do you see these events? What do these events even mean, should I be concerned?

I'm on Windows 10 22H2 fully up to date, and I checked my Windows 11 system but it doesn't have these events so I got kind of worried.

Those Registry keys don't exist on the Win11 system either; on my Win10 system, the "Service Started Successfully" is the value for the "InitializingComponentProgress" key. This might be due to Windows Defender being turned off in favor of Trend Micro (it's not my laptop exactly so I don't have a choice), but I can't confirm that.

Locked Question. This question was migrated from the Microsoft Support Community.

3 answers

  1. Anonymous
    2023-12-05T06:14:48+00:00

    Hi JJJ Ham,

    The events you've observed in the Windows Defender Operational log are likely part of the normal initialization and updating processes of Windows Defender, now known as Microsoft Defender Antivirus. Here's an explanation of each event:

    1. Event on November 29th - "Initialize Misc Config Library" to "PostPlatformUpdate": This event corresponds with a Windows Defender update. The change from the "Old value" to the "New value" suggests a transition in the initialization stage of Defender components. "Initialize Misc Config Library" likely refers to setting up various configuration settings, while "PostPlatformUpdate" indicates that this stage is completed following an update to the Defender platform.
    2. Subsequent Events - "PostPlatformUpdate" to "Service Started Successfully": These events show a sequential process in which Windows Defender progresses through different initialization stages. "Loading Engine" likely refers to the loading of the core antivirus engine, a critical part of Defender's functionality. The final message, "Service Started Successfully," confirms that the Defender service has successfully started and is operational.

    These types of events are normal for the operation and updating of Microsoft Defender Antivirus. The reason you started noticing these events from the 29th could be due to a particular update or a change in the logging behavior of Windows Defender. It's common for software updates to adjust or enhance how they log events.

    The absence of these events on your Windows 11 system might be due to different logging methods in Windows 10 and Windows 11, or it could be because Windows Defender operates differently when another antivirus software is in use. The registry keys related to these logs might also vary or be used differently in Windows 11.

    In conclusion, the events you've noticed are a standard part of Windows Defender's operation and not a cause for concern, especially since they align with an update process. The variation in logs between Windows 10 and Windows 11 could be attributed to differences in the operating system versions or configurations.

    Regards,

    Manson | Microsoft Community Support Specialist

    2 people found this answer helpful.
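
The search the question does with the Find button can also be scripted. The PowerShell below is an added example, not part of the original thread: it reads event 5007 from the Defender Operational log and lists the `InitializingComponentProgress` transitions in time order. The regular expression assumes the message wording matches the "Old value:" / "New Value:" lines quoted in the question.

```powershell
# Added example (not from the thread): timeline of InitializingComponentProgress
# changes recorded by Defender event 5007.
$logName = 'Microsoft-Windows-Windows Defender/Operational'
# Assumption: message lines look like the ones quoted in the question,
#   "Old value: HKLM\...\InitializingComponentProgress = <stage>"
$pattern = '(?im)^\s*(?<which>Old|New) value:\s*[^\r\n]*?\\InitializingComponentProgress\s*=\s*(?<stage>[^\r\n]*)'

try {
    $events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 5007 } -ErrorAction Stop |
        Where-Object { $_.Message -like '*InitializingComponentProgress*' } |
        Sort-Object TimeCreated
} catch {
    # Raised when the log is unreadable or holds no 5007 events at all.
    Write-Warning "Could not read 5007 events: $($_.Exception.Message)"
    $events = @()
}

$previousNew = $null
$timeline = foreach ($e in $events) {
    # Hashtable keys are case-insensitive, so "Old value" and "New Value" both map.
    $stage = @{ Old = '(none)'; New = '(none)' }
    foreach ($m in [regex]::Matches($e.Message, $pattern)) {
        $stage[$m.Groups['which'].Value] = $m.Groups['stage'].Value.Trim()
    }
    [pscustomobject]@{
        TimeCreated     = $e.TimeCreated
        OldStage        = $stage.Old
        NewStage        = $stage.New
        # True when OldStage equals the NewStage of the previous logged event.
        FollowsPrevious = ($null -ne $previousNew -and $stage.Old -eq $previousNew)
    }
    $previousNew = $stage.New
}

# Full timeline, oldest first.
$timeline | Format-Table -AutoSize

# Earliest occurrence still retained in the log.
$timeline | Select-Object -First 1 | Format-List
```

Comparing the earliest `TimeCreated` against the time of the platform update shows whether the first transition lines up with it, as the question describes.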
  2. Anonymous
    2023-12-04T07:53:02+00:00

    Hello, JJJ Ham

    Welcome to the Microsoft Community.

    I understand your problem; thank you for the information provided.

    There is no problem with your log. If you notice any abnormalities while using the computer, you can contact us.

    In addition, because Win10 currently has no system update patches, only security patches, you only need to update the security patches to the latest version.

    You can rest assured that you can use the computer.

    If your problem is not solved, you can reply to the post again and we will continue to provide you with technical support. If our reply is helpful, please mark it as such. This will help other users who are experiencing the same problem as you! Thank you very much for your contribution to the community!

    Best wishes

    Bobhe | Microsoft Community Support Specialist

    1 person found this answer helpful.
  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.