<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Eventlog on Anything About IT</title><link>https://www.verboon.info/tags/eventlog/</link><description>Recent content in Eventlog on Anything About IT</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 10 Dec 2019 22:10:23 +0000</lastBuildDate><atom:link href="https://www.verboon.info/tags/eventlog/index.xml" rel="self" type="application/rss+xml"/><item><title>Microsoft Defender Advanced Threat Protection – Respond Actions Events</title><link>https://www.verboon.info/2019/12/microsoft-defender-advanced-threat-protection-respond-actions-events/</link><pubDate>Tue, 10 Dec 2019 22:10:23 +0000</pubDate><guid>https://www.verboon.info/2019/12/microsoft-defender-advanced-threat-protection-respond-actions-events/</guid><description>&lt;p&gt;Hey there, to be honest I had some difficulties finding the right title for today&amp;rsquo;s blog post, so if you are still wondering here&amp;rsquo;s what this is all about. I had a customer asking me &amp;ldquo;&lt;em&gt;how can we see what MDATP Respond actions were taken on a particular machine both from a Console and client perspective?&lt;/em&gt;&amp;rdquo;. At the time of writing this blog post we have the following machine response actions that trigger a remote action available for MDATP managed devices.&lt;/p&gt;</description></item><item><title>Enabling PowerShell logging for PowerShell Core 6 (Workaround)</title><link>https://www.verboon.info/2018/01/enabling-powershell-logging-for-powershell-core-6-workaround/</link><pubDate>Sat, 13 Jan 2018 02:02:41 +0000</pubDate><guid>https://www.verboon.info/2018/01/enabling-powershell-logging-for-powershell-core-6-workaround/</guid><description>&lt;p&gt;By default, PowerShell Core does not log events to the Windows Event logs. From a security perspective this isn’t ideal, but that’s something I’ll take a closer look at later. 
To enable PowerShell logging you have to run &lt;code&gt;RegisterManifest.ps1&lt;/code&gt;, which is located in the &amp;quot;C:\Program Files\PowerShell\6.0.0&amp;quot; folder. But unfortunately running that command would not work for me. Now this is the beauty of PowerShell being open sourced, the code as well as the comments from developers are publicly available. So after a short search within the GitHub repo of PowerShell Core I found references about the issue.&lt;/p&gt;</description></item><item><title>How to automate the creation of Windows Eventlog Custom Views</title><link>https://www.verboon.info/2011/12/how-to-automate-the-creation-of-windows-eventlog-custom-views-2/</link><pubDate>Sat, 17 Dec 2011 16:32:31 +0000</pubDate><guid>https://www.verboon.info/2011/12/how-to-automate-the-creation-of-windows-eventlog-custom-views-2/</guid><description>&lt;p&gt;In the past couple of days I have been working on measuring system boot performance and you are probably going to see some posts from me on that subject soon. Today I want to share with you how you can automate the creation of a Windows Eventlog custom view.&lt;/p&gt;
&lt;p&gt;While running these boot performance tests I reinstalled Windows several times on different systems and each time I wanted to collect the boot performance data from these clients I had to create a custom view within the Windows Event log to filter out the boot events. Well, after doing that a few times manually I thought I would be better off to get that thing automated.&lt;/p&gt;</description></item></channel></rss>