Windows 10: Using pwsQuery to retrieve Event Information for Windows Defender

Discussion in 'AntiVirus, Firewalls and System Security' started by sarathgovind2, Jul 23, 2020.

  1. Using pwsQuery to retrieve Event Information for Windows Defender


    Hi,

    I have a concern regarding the Windows event viewer (Microsoft-Windows-Windows Defender/Operational).

    How do I fetch only the current signature version for the Defender event ID 2000?

    I have written the code below:

    #include <windows.h>
    #include <winevt.h>

    LPCWSTR pwsPath = L"Microsoft-Windows-Windows Defender/Operational";

    //<xpath query goes here>

    LPCWSTR pwsQuery = L"*[System/EventID=2000]";
    EVT_HANDLE hResults = NULL;
    hResults = EvtQuery(NULL, pwsPath, pwsQuery, EvtQueryChannelPath | EvtQueryReverseDirection);
    if (NULL != hResults)  // seek only when the query returned a valid handle
    {
        EvtSeek(hResults, 0, NULL, 0, EvtSeekRelativeToCurrent);
    }

    This will display all the details of event ID 2000; I need only the current signature version of the latest event (event ID 2000).

    How do I write the pwsQuery to obtain the required result?


    [Original Title: Windows Defender]

    :)
     
    sarathgovind2, Jul 23, 2020
    #1

  2. windows defender event viewer

    Hi,

    I have a concern regarding the Windows event viewer (Microsoft-Windows-Windows Defender/Operational).

    How do I fetch only the current signature version for the Defender event ID 2000?

    I have written the code below:

    #include <windows.h>
    #include <winevt.h>

    LPCWSTR pwsPath = L"Microsoft-Windows-Windows Defender/Operational";

    //<xpath query goes here>

    LPCWSTR pwsQuery = L"*[System/EventID=2000]";
    EVT_HANDLE hResults = NULL;
    hResults = EvtQuery(NULL, pwsPath, pwsQuery, EvtQueryChannelPath | EvtQueryReverseDirection);
    if (NULL != hResults)  // seek only when the query returned a valid handle
    {
        EvtSeek(hResults, 0, NULL, 0, EvtSeekRelativeToCurrent);
    }

    This will display all the details of event ID 2000; I need only the current signature version of the latest event (event ID 2000).

    How do I write the pwsQuery to obtain the required result?
     
    sarathgovind2, Aug 4, 2020
    #2
  3. windows defender - event log description

    Hi,

    I have a concern regarding the Windows event viewer (Microsoft-Windows-Windows Defender/Operational).

    How do I fetch only the current signature version for the Defender event ID 2000?

    I have written the code below:

    #include <windows.h>
    #include <winevt.h>

    LPCWSTR pwsPath = L"Microsoft-Windows-Windows Defender/Operational";

    //<xpath query goes here>

    LPCWSTR pwsQuery = L"*[System/EventID=2000]";
    EVT_HANDLE hResults = NULL;
    hResults = EvtQuery(NULL, pwsPath, pwsQuery, EvtQueryChannelPath | EvtQueryReverseDirection);
    if (NULL != hResults)  // seek only when the query returned a valid handle
    {
        EvtSeek(hResults, 0, NULL, 0, EvtSeekRelativeToCurrent);
    }

    This will display all the details of event ID 2000; I need only the current signature version of the latest event (event ID 2000).

    How do I write the pwsQuery to obtain the required result?
     
    sarathgovind2, Aug 4, 2020
    #3
  4. Using pwsQuery to retrieve Event Information for Windows Defender

    windows defender

    Hello,

    Thank you for posting your query on Microsoft Community.

    The information you provided is not enough for us to provide troubleshooting steps, so I would appreciate it if you could provide the following information to narrow down the issue.

    • What issue are you facing with Windows Defender?
    • Are you willing to update Windows Defender?

    I would suggest you refer to the article mentioned below on how to ask a question on the forum. After referring to the article, do get back to us with more information related to your issue and we will be happy to assist you.

    Suggestions for asking a question on help forums


    Regards,
     
    Ramesh.Kumar, Aug 4, 2020
    #4
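
An added example, not part of the original thread or any poster's code: the XPath given as pwsQuery (or to Get-WinEvent -FilterXPath) only selects which events are returned and cannot return a single field, so the signature version has to be read out of the selected event. The `<Data>` field names and the function name below are assumptions; in the C API the same step is rendering the event obtained from EvtQuery/EvtNext with EvtRender.

```powershell
# Added example (not from the thread). Run in PowerShell on the Windows host.
$Channel = 'Microsoft-Windows-Windows Defender/Operational'
$XPath   = '*[System/EventID=2000]'   # same query string as pwsQuery in the question

# Assumption: the EventData field holding the version has one of these names;
# the label differs between Windows builds, so check your own event XML.
$VersionFields = @('Current Signature Version',
                   'Current security intelligence Version')

function Get-LatestDefenderSignatureVersion {   # hypothetical helper name
    param(
        [string]   $LogName    = $Channel,
        [string]   $Filter     = $XPath,
        [string[]] $FieldNames = $VersionFields
    )
    try {
        # Get-WinEvent returns newest events first, so -MaxEvents 1 is the
        # latest event 2000 (what EvtQueryReverseDirection gives the C code).
        $latest = Get-WinEvent -LogName $LogName -FilterXPath $Filter `
                               -MaxEvents 1 -ErrorAction Stop
    }
    catch {
        Write-Warning "No event matched '$Filter' in '$LogName': $($_.Exception.Message)"
        return $null
    }

    # The XPath only chose the event; the single value is picked out of the
    # rendered XML by the Name attribute of its <Data> element.
    $xml  = [xml]$latest.ToXml()
    $node = $xml.Event.EventData.Data |
        Where-Object { $FieldNames -contains $_.GetAttribute('Name') } |
        Select-Object -First 1

    if (-not $node) {
        $seen = ($xml.Event.EventData.Data |
                 ForEach-Object { $_.GetAttribute('Name') }) -join ', '
        Write-Warning "Version field not found. Fields present: $seen"
        return $null
    }

    [pscustomobject]@{
        TimeCreated      = $latest.TimeCreated
        RecordId         = $latest.RecordId
        SignatureVersion = $node.InnerText
    }
}

Get-LatestDefenderSignatureVersion
```

If the warning lists the fields present, pass the matching name through `-FieldNames`.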