Windows Defender Threats

Windows Defender Threats


This plugin checks if there were any threats detected by Windows Defender or System Center Endpoint Protection. If one or more threats are found, the service will enter a critical state and display the number of threats found, the filenames, the usernames, and the date and time when the threats were detected.

You can acknowledge threats using a rule called "Defender acknowledged threats". Simply add some Detection IDs to this rule, and the threats related to these Detection IDs will no longer trigger alarms. The format of a Detection ID looks like 3F7AD35-C2F3-4C81-A7D7-4C67A1D10CC4.

Automatic inventory is supported. Install the agent, and the rest will be done automatically. One service will be called "AV threats Defender" (for Windows Defender) or "AV threats SCEP".

Latest Version

Version: 1.0.0
Packaged at: 10 Apr 2023
Created on Checkmk version: 2.1.0p2
Minimum Checkmk version required: 2.0.0p2
MKP MD5 hash: 03d0f6923cf6441de6e4f4c2ae835448
This version requires Checkmk version 2.0.0 or higher
Agent Based
  • windows/plugins/spit_defender_threats.ps1
Check Manuals
  • spit_defender_threats
  • check_mk/base/cee/plugins/bakery/
GUI Extensions
  • plugins/wato/
  • plugins/wato/
No reviews added yet.

By downloading packages from the Checkmk Exchange you agree to our Terms of Use.