Event ID 5008 — Microsoft Antimalware Engine Update

Updated: October 23, 2007

Applies To: Windows Server 2008

The Microsoft Antimalware Engine version is updated frequently to detect and remove the latest spyware or other potentially unwanted software. The Microsoft Antimalware Engine must be started and functioning correctly for a scan to successfully complete.

Event Details

Product: Windows Defender
ID: 5008
Source: Microsoft-Windows-Windows Defender
Version: 1.1
Symbolic Name: MALWAREPROTECTION_ENGINE_FAILURE
Message: %1 engine has been terminated due to an unexpected error. %tFailure Type:%b%5 %tException code:%b%6 %tResource:%b%3

Resolve

Restart Windows Defender

The scanning engine must be available when Windows Defender starts. Close Windows Defender and then open it again. If the scanning engine is still not available, restart the computer.

Verify

Windows Defender uses the scanning engine to run Windows Defender scans. To verify that the scanning engine updated successfully and is working correctly, you should run a Windows Defender quick scan.

To perform this procedure, you must be a member of the Users group, or you must have been delegated the appropriate authority.

To verify that the scanning engine updated successfully and is working correctly:

  1. Click Start, point to All Programs, and then click Windows Defender.
  2. Click the down arrow next to Scan, and then click Quick Scan.
  3. If the quick scan completes successfully, the scanning engine was updated successfully and is working correctly.

Related Management Information

Microsoft Antimalware Engine Update

Windows Defender

Event ID 5007 — Microsoft Antimalware Engine Update

Updated: October 23, 2007

Applies To: Windows Server 2008

The Microsoft Antimalware Engine version is updated frequently to detect and remove the latest spyware or other potentially unwanted software. The Microsoft Antimalware Engine must be started and functioning correctly for a scan to successfully complete.

Event Details

Product: Windows Defender
ID: 5007
Source: Microsoft-Windows-Windows Defender
Version: 1.1
Symbolic Name: MALWAREPROTECTION_CONFIG_CHANGED
Message: %1 Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. %tOld value:%b%3 %tNew value:%b%4

Resolve

This is a normal condition. No further action is required.

Related Management Information

Microsoft Antimalware Engine Update

Windows Defender

Event ID 5001 — Real-Time Protection Availability

Updated: October 23, 2007

Applies To: Windows Server 2008

For Windows Defender to alert you in real time when spyware or other potentially unwanted software is installed, Real-Time Protection must be enabled and functioning correctly.

Event Details

Product: Windows Defender
ID: 5001
Source: Microsoft-Windows-Windows Defender
Version: 1.1
Symbolic Name: MALWAREPROTECTION_RTP_DISABLED
Message: %1 AS Real-time Protection scanning was disabled.

Resolve

This is a normal condition. No further action is required.

Related Management Information

Real-Time Protection Availability

Windows Defender

Event ID 3002 — Real-Time Protection Availability

Updated: October 23, 2007

Applies To: Windows Server 2008

For Windows Defender to alert you in real time when spyware or other potentially unwanted software is installed, Real-Time Protection must be enabled and functioning correctly.

Event Details

Product: Windows Defender
ID: 3002
Source: Microsoft-Windows-Windows Defender
Version: 1.1
Symbolic Name: MALWAREPROTECTION_RTP_AGENT_FAILURE
Message: %1 Real-Time Protection agent has encountered an error and failed to start. %tUser:%b%8\%9 %tAgent:%b%3 %tError Code:%b%4 %tError description:%b%5

Resolve

Enable Real-Time Protection

To resolve this issue, enable Real-Time Protection (RTP). RTP helps to protect users by examining auto-start extensibility points (ASEPs) where spyware or other potentially unwanted software tends to install itself. Real-Time Protection must be enabled so that Windows Defender can automatically examine the ASEPs.

To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

To enable Real-Time Protection:

  1. Click Start, point to All Programs, and then click Windows Defender.
  2. Click Tools, and then click Options.
  3. Select the Use real-time protection (recommended) check box, and then click Save.

Verify

Real-Time Protection must be enabled so that Windows Defender can alert you in real time when spyware or other potentially unwanted software is installed.

To perform these procedures, you must be a member of the Users group, or you must have been delegated the appropriate authority.

To verify that Real-Time Protection is enabled:

  1. Click Start, point to All Programs, and then click Windows Defender.
  2. Click Tools, and then click Options.
  3. Ensure that the Use real-time protection (recommended) check box is selected.
  4. Close Windows Defender.

Related Management Information

Real-Time Protection Availability

Windows Defender
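
The following PowerShell is an added example, not part of the original Microsoft documentation: it collects the four events described on this page (5008, 5007, 5001, 3002) from the documented source and pulls out the fields named in each Message template. It assumes Get-WinEvent is available and that the insertion-string positions (%3, %4, and so on) match the templates shown above; the function name and field labels are illustrative.

```powershell
# Added example: summarize the Windows Defender events documented on this page.
# Positions below are the %N insertion strings from each Message template (assumed
# to match the event's Properties order; Properties[] is zero-based, so %3 is [2]).
$provider = 'Microsoft-Windows-Windows Defender'   # "Source" field on this page

$definitions = @{
    5008 = @{ Name = 'MALWAREPROTECTION_ENGINE_FAILURE'
              Map  = [ordered]@{ Resource = 3; FailureType = 5; ExceptionCode = 6 } }
    5007 = @{ Name = 'MALWAREPROTECTION_CONFIG_CHANGED'
              Map  = [ordered]@{ OldValue = 3; NewValue = 4 } }
    5001 = @{ Name = 'MALWAREPROTECTION_RTP_DISABLED'
              Map  = [ordered]@{} }
    3002 = @{ Name = 'MALWAREPROTECTION_RTP_AGENT_FAILURE'
              Map  = [ordered]@{ Agent = 3; ErrorCode = 4; ErrorDescription = 5
                                 Domain = 8; User = 9 } }
}

function Get-InsertionString($Record, [int]$Position) {
    # Return insertion string %Position, or $null when the event has fewer fields.
    if ($Record.Properties.Count -ge $Position) {
        $Record.Properties[$Position - 1].Value
    }
}

$filter = @{ ProviderName = $provider; Id = 5008, 5007, 5001, 3002 }

# SilentlyContinue: Get-WinEvent reports an error when no matching events exist.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    ForEach-Object {
        $def = $definitions[$_.Id]
        $detail = foreach ($label in $def.Map.Keys) {
            '{0}={1}' -f $label, (Get-InsertionString $_ $def.Map[$label])
        }
        [pscustomobject]@{
            Time         = $_.TimeCreated
            Computer     = $_.MachineName
            Id           = $_.Id
            SymbolicName = $def.Name
            Detail       = $detail -join '; '
        }
    } |
    Format-Table -AutoSize -Wrap
```

The OldValue and NewValue columns for 5007 are the values to compare when deciding whether a configuration change was expected, as the event's own message advises.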
