This plugin checks if there were any threats detected by Windows Defender or System Center Endpoint Protection. If one or more threats are found, the service will enter a critical state and display the number of threats found, the filenames, the usernames, and the date and time when the threats were detected.
You can acknowledge threats using a rule called "Defender acknowledged threats". Simply add some Detection IDs to this rule, and the threats related to these Detection IDs will no longer trigger alarms. The format of a Detection ID looks like 3F7AD35-C2F3-4C81-A7D7-4C67A1D10CC4.
Automatic inventory is supported. Install the agent, and the rest will be done automatically. One service will be called "AV threats Defender" (for Windows Defender) or "AV threats SCEP" (for System Center Endpoint Protection).
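An added example, not the plugin's own code, showing how the check described above can be implemented on the agent side with the Windows Defender PowerShell cmdlets: unacknowledged detections are listed with Detection ID, user, file names and detection time, and the service goes critical if any remain. Assumed: the Defender PowerShell module (Get-MpThreatDetection) is present, the output follows the usual agent local-check line format (state, service name, metrics, text), and $AcknowledgedIds stands in for the Detection IDs a "Defender acknowledged threats" rule would supply.

```powershell
# Constructed placeholder for IDs acknowledged via the rule (not a real detection).
$AcknowledgedIds = @(
    'DEADBEEF-0000-0000-0000-000000000001'
)

function Get-UnacknowledgedThreats {
    param([string[]]$Acknowledged)
    # Every detection Defender still remembers, minus the acknowledged ones.
    Get-MpThreatDetection -ErrorAction Stop |
        Where-Object { $Acknowledged -notcontains ([string]$_.DetectionID) }
}

try {
    $threats = @(Get-UnacknowledgedThreats -Acknowledged $AcknowledgedIds)
} catch {
    # Defender module missing or query failed: report UNKNOWN, never a silent OK.
    Write-Output "3 AV_threats_Defender - Cannot query Defender: $($_.Exception.Message)"
    exit 0
}

if ($threats.Count -eq 0) {
    Write-Output "0 AV_threats_Defender threats=0 No unacknowledged threats"
} else {
    # One fragment per detection: ID, user, affected files, first detection time.
    $details = $threats | ForEach-Object {
        $files = ($_.Resources -join ', ')
        "$($_.DetectionID) [$($_.DomainUser)] $files at $($_.InitialDetectionTime)"
    }
    Write-Output ("2 AV_threats_Defender threats={0} {0} threat(s) found: {1}" -f `
        $threats.Count, ($details -join '; '))
}
```

Adding a Detection ID reported in the critical line to $AcknowledgedIds drops it from the next run, which is exactly the effect of the acknowledgement rule.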
V1.0.1: fixed an issue in the Windows agent plugin with English date/time formats
V1.0.2: fixed an issue with white spaces in the user name