Microsoft Antimalware

Applies To: Microsoft Antimalware for Microsoft Azure.

Overview

Microsoft Antimalware is an antivirus software (AV) product that fights malware (malicious software), including computer viruses, spyware, Trojan horses and rootkits. Microsoft Antimalware Service provides real-time protection, constantly monitoring activities on the computer and scanning new files as they are downloaded or created and disabling detected threats.

EventTracker monitors detected malware activity, action taken against malware activity, Quarantined malware restored, Removed history of malware and service status and generates flex reports, flex dashboards and alerts for rogue access point detected and system state changed.

EventTracker Knowledge Pack for Microsoft Antimalware allows you to monitor the following components:-

Security - Detected malware activity and action taken against malware activity.
Operation - Configuration changes and status of services.

Previous Next

Once Microsoft Antimalware is configured to deliver events to EventTracker Manager; alerts, dashboards and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below. For more information please refer Integration Guide.

Operations

Reports

MS Antimalware-Configuration changes: This report provides details about all the configuration changes that are done.
MS Antimalware-Service stopped: This report provides details about all the services that are stopped.

Security

Alerts

MS Antimalware-Detected malware activity: This alert is generated when any malware activity is detected.
MS Antimalware-Action taken against malware activity: This alert is generated when an action is taken against the detected malware.
MS Antimalware-Quarantined malware restored: This alert is generated when a quarantined malware is restored.
MS Antimalware-Removed history of malware: This alert is generated when the malware history is removed or deleted.

Reports

MS Antimalware-Detected malware activity: This report provides details about all the malwares that are detected by Microsoft Antimalware.
MS Antimalware-Action taken against malware activity: This report provides details about all the action taken against malware activities.
MS Antimalware-Quarantined malware restored: This report provides details on all the quarantined malwares that were restored.
MS Antimalware-Removed history of malware: This report provides details about the malware history that was removed.

Scope

The configuration details in this guide are consistent with EventTracker version 8.x and later, Microsoft Antimalware for Microsoft Azure.

Documentation:

For more information please refer to the Integration guide