Distinction between certain Windows Defender events

Christian Green 1 Reputation point
2022-12-19T11:21:30.807+00:00

I am currently working with Windows Defender events and find the documentation to be missing a clear explanation of why there is a distinction between events such as Event Id 1006 - MALWAREPROTECTION_MALWARE_DETECTED and Event Id 1116 - MALWAREPROTECTION_STATE_MALWARE_DETECTED.

It appears that events containing Event Id 111? - MALWAREPROTECTION_STATE etc. are used in later versions of Windows.

Is this correct and is it then safe to assume that there would not be the possibility of encountering an event such as Event Id 100? etc. in later versions of Windows?

Thanks for any information around this.


2 answers

  1. S.Sengupta 24,636 Reputation points MVP
    2022-12-20T01:25:28.973+00:00

  2. Limitless Technology 44,766 Reputation points
    2022-12-20T10:14:16.25+00:00

    Hi,

    Thank you for posting your query.

    Kindly follow the steps provided below to resolve your issue.

    Open Event Viewer.

    In the console tree, expand Applications and Services Logs, then Microsoft, then Windows, then Windows Defender.

    Double-click on Operational.

    In the details pane, view the list of individual events to find your event.

    Click the event to see specific details about an event in the lower pane, under the General and Details tabs.

    Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus

    Do not hesitate to message us if you need further assistance.

    If the answer is helpful, kindly click "Accept as Answer" and upvote it.
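
The same lookup as the Event Viewer steps above, scripted in PowerShell and covering both event IDs named in the question; this is an added example, not part of the original answers. The `Threat Name` and `Path` field names are assumptions about the event data and come out empty where a given event does not carry them.

```powershell
# Added example: pull Defender detection events for both IDs from the
# Operational log, so neither 1006 nor 1116 is silently missed on a host.
$logName = 'Microsoft-Windows-Windows Defender/Operational'
$ids     = 1006, 1116   # the two event IDs named in the question

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $ids } `
                         -ErrorAction SilentlyContinue)

$rows = foreach ($evt in $events) {
    # Flatten <EventData><Data Name="...">value</Data></EventData> into a hashtable.
    $xml    = [xml]$evt.ToXml()
    $fields = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $fields[$d.Name] = $d.'#text' }
    }

    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated
        Id          = $evt.Id
        Computer    = $evt.MachineName
        ThreatName  = $fields['Threat Name']   # assumed field name; empty if absent
        Path        = $fields['Path']          # assumed field name; empty if absent
    }
}

# Per-ID counts show which of the two IDs this host actually emits.
$rows | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize

# Full listing, newest first.
$rows | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```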
