Hello,
How do I compare the settings found in the registry:
HKLM > SOFTWARE > Policies > Microsoft > Microsoft Antimalware > Scan
DWORD: ScheduleDay
Value: from 0 to 7
to the Event Viewer Event(s) 1000 & 1001 found in:
Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational
Event ID 1000
Microsoft Defender Antivirus scan has started.
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 5/14/2023 2:00:36 AM
Event ID: 1000
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: VIPPARATA1.ad
Description:
Microsoft Defender Antivirus scan has started.
Scan ID: {2577AD54-2E6E-4B29-A95A-F26FE09A634F}
Scan Type: Antimalware
Scan Parameters: Full Scan
Scan Resources:
User: NT AUTHORITY\SYSTEM
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
<EventID>1000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-05-14T09:00:36.591656400Z" />
<EventRecordID>10432</EventRecordID>
<Correlation />
<Execution ProcessID="2428" ThreadID="2396" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>VIPPARATA1.ad</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">Microsoft Defender Antivirus</Data>
<Data Name="Product Version">4.18.2304.8</Data>
<Data Name="Scan ID">{2577AD54-2E6E-4B29-A95A-F26FE09A634F}</Data>
<Data Name="Scan Type Index">2</Data>
<Data Name="Scan Type">Antimalware</Data>
<Data Name="Scan Parameters Index">2</Data>
<Data Name="Scan Parameters">Full Scan</Data>
<Data Name="Domain">NT AUTHORITY</Data>
<Data Name="User">SYSTEM</Data>
<Data Name="SID">S-1-5-18</Data>
<Data Name="Scan Resources">
</Data>
</EventData>
</Event>
Event ID 1001
Microsoft Defender Antivirus scan has finished.
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 5/14/2023 1:54:12 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: VIPPARATA1.ad
Description:
Microsoft Defender Antivirus scan has finished.
Scan ID: {2577AD54-2E6E-4B29-A95A-F26FE09A634F}
Scan Type: Antimalware
Scan Parameters: Full Scan
User: NT AUTHORITY\SYSTEM
Scan Time: 11:53:36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
<EventID>1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-05-14T20:54:12.982486900Z" />
<EventRecordID>10445</EventRecordID>
<Correlation ActivityID="{DF404DFD-B9A3-4817-B35C-7FFC0C1820C3}" />
<Execution ProcessID="2428" ThreadID="2396" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>VIPPARATA1.ad</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">Microsoft Defender Antivirus</Data>
<Data Name="Product Version">4.18.2304.8</Data>
<Data Name="Scan ID">{2577AD54-2E6E-4B29-A95A-F26FE09A634F}</Data>
<Data Name="Scan Type Index">2</Data>
<Data Name="Scan Type">Antimalware</Data>
<Data Name="Scan Parameters Index">2</Data>
<Data Name="Scan Parameters">Full Scan</Data>
<Data Name="Domain">NT AUTHORITY</Data>
<Data Name="User">SYSTEM</Data>
<Data Name="SID">S-1-5-18</Data>
<Data Name="Scan Time Hours">11</Data>
<Data Name="Scan Time Minutes">53</Data>
<Data Name="Scan Time Seconds">36</Data>
</EventData>
</Event>
Thanks,
Dom
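
One way to make the comparison asked about above, as an added example that is not part of the original post: it reads ScheduleDay from the policy key, pairs events 1000 and 1001 by Scan ID, and checks each scan's local start day against the setting. It assumes the documented Defender encoding (0 = every day, 1 = Sunday through 7 = Saturday, 8 = never); the function name Get-ScanFields and the output property names are made up for this example.

```powershell
# Added example. Run in an elevated PowerShell session on the machine being checked.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Scan'
$log = 'Microsoft-Windows-Windows Defender/Operational'

# Assumed encoding: 0 = every day, 1 = Sunday ... 7 = Saturday, 8 = never.
$scheduleDay = (Get-ItemProperty -Path $key -Name ScheduleDay -ErrorAction Stop).ScheduleDay

# Hypothetical helper: flatten the named <Data> elements of one event into a hashtable.
function Get-ScanFields($Record) {
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText.Trim()
    }
    $fields
}

$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1000, 1001 } -ErrorAction Stop

# Index "scan finished" events by Scan ID so each start can be paired with its end.
$finished = @{}
foreach ($e in $events | Where-Object Id -eq 1001) {
    $finished[(Get-ScanFields $e)['Scan ID']] = $e
}

foreach ($e in $events | Where-Object Id -eq 1000 | Sort-Object TimeCreated) {
    $f     = Get-ScanFields $e
    $start = $e.TimeCreated                    # already converted to local time
    $code  = [int]$start.DayOfWeek + 1         # .NET Sunday = 0, ScheduleDay Sunday = 1

    $onDay = switch ($scheduleDay) {
        0       { $true }                      # every day
        8       { $false }                     # scheduled scans disabled
        default { $code -eq $scheduleDay }
    }

    $end = $finished[$f['Scan ID']]
    [pscustomobject]@{
        ScanId             = $f['Scan ID']
        Parameters         = $f['Scan Parameters']
        Started            = $start
        Finished           = if ($end) { $end.TimeCreated } else { $null }
        StartDay           = $start.DayOfWeek
        ScheduleDay        = $scheduleDay
        MatchesScheduleDay = $onDay
    }
}
```

The event fields shown in the post do not say whether a scan was scheduled or started on demand, so a row with MatchesScheduleDay = False is a prompt to check how that scan was started, not proof that the policy is being ignored.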