Microsoft Defender Advanced Threat Protection – Respond Actions Events

Hey there, to be honest I had some difficulty finding the right title for today's blog post, so if you are still wondering, here's what this is all about. I had a customer asking me “how can we see what MDATP Respond actions were taken on a particular machine both from a Console and client perspective?”. At the time of writing this blog post we have the following machine response actions that trigger a Read More …

Windows Defender, More than just Antivirus – Part 2

In the previous post I provided an overview of the history of Windows Defender and of the various features that have the name Windows Defender in them. We then looked at Windows Defender SmartScreen and Windows Defender Cloud-based protection. Today I'd like to continue with my notes from the field and personal experiences and take a look at Windows Defender Exploit Guard. Again, the objective of this blog post is to inspire Read More …

How to manage LAPS DebugLogging with PowerShell

If you need to troubleshoot the Local Administrator Password Solution (LAPS), you can configure how much information is written to the Windows Event log. Logging options are set through the following REG_DWORD value under:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}\ExtensionDebugLevel

Value   Meaning
0       Silent mode; log errors only. When no error occurs, no information is logged about CSE activity. This is a default value.
1       Log errors and warnings
2       Verbose mode, log everything

Because navigating manually Read More …

How to automate the creation of Windows Eventlog Custom Views

In the past couple of days I have been working on measuring system boot performance and you are probably going to see some posts from me on that subject soon. Today I want to share with you how you can automate the creation of a Windows Eventlog custom view. While running these boot performance tests I reinstalled Windows several times on different systems and each time I wanted to collect the boot performance data from Read More …

Using the Windows 7 Event log to check WLAN Link Quality

When using WLAN on a day-to-day basis we can see the WLAN signal strength via the Windows user interface as shown in the screenshot below. But there are other ways, and yes, the approach might appear a bit inconvenient, but basically I want to demonstrate the power of the Windows Event log. First open the Windows Event Viewer (eventvwr.msc) and then within the View menu enable the Show Analytic and Debug Logs option. Read More …