Windows Defender, More than just Antivirus – Part 2

In the previous post I provided an overview of the history of Windows Defender and of the various features that carry the Windows Defender name. We then looked at Windows Defender SmartScreen and Windows Defender cloud-based protection. Today I’d like to continue with my notes from the field and personal experiences and take a look at Windows Defender Exploit Guard. Again, the objective of this blog post is to inspire …

Retrieving Windows Defender Exploit Guard Windows Event logs with PowerShell

Most of the features included in Windows Defender Exploit Guard can be enabled in audit or block mode. The impact can then be analyzed either by looking at the corresponding Windows Event log entries or through advanced hunting queries in Windows Defender ATP. Today, I’ll share a script I recently wrote to quickly pull Windows Defender Exploit Guard related events from the Windows Event log. Soon I will also share some Kusto queries for the …