Windows 10: Windows defender, this is something I found in Events viewer after I found the scan logs

Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 9/7/2020 10:43:26 PM
Event ID: 5007
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: DESKTOP-QHAFREC
Description:
Windows Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x1
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}" />
<EventID>5007</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2020-09-08T03:43:26.997168500Z" />
<EventRecordID>412</EventRecordID>
<Correlation />
<Execution ProcessID="2944" ThreadID="5256" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>DESKTOP-QHAFREC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">4.18.2008.9</Data>
<Data Name="Old Value">HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x1</Data>
<Data Name="New Value">HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x0</Data>
</EventData>
</Event>

Does this look normal????

:)

 

Windows defender ofline scan

Peter,

Event viewer maintains a record of the scan starting at

Application & service logs,

Microsoft,

Windows,

Windows defender,

Operational,

Event IDs 2030, 5007

• WDO failures that Windows knew about would be recorded as EventID 2031
  
• but WDO failures while Windows was not running would not be recorded.

But there is no record of its completion unless it finds malware detections to report in

Windows defender security centre,

Virus & threat protection,

Scan history.

• The Last scan entry in that dialog refers to Windows defender itself not WDO.

Denis

 

Location of Windows Defender events saved in Event Viewer

In this https://docs.microsoft.com/en-us/wi...virus/troubleshoot-windows-defender-antivirus.
According to the the mentioned link the generated events should be displayed at the following location in the Event Viewer:- Application and Services Logs/Microsoft/Windows/Windows Defender Antivirus/Operational.

But on performing actions, Events are getting stored at this location in the event viewer:- Application and Services Logs/Microsoft/Windows/Windows Defender/Operational.

How can I get Microsoft Windows Defender Antivirus folder at this location:- Application and Services Logs/Microsoft/Windows in the event viewer. So that events start getting stored at this location:- Application and Services Logs/Microsoft/Windows/Windows
Defender Antivirus/Operational.

***Original title: Microsoft Defender Antivirus***

 

Windows Defender Scans

According to the Event Viewer, a Windows Defender Scan is listed it as "Scan Type: Antimalware." Does that include all threats?

When I do a manual scan, and then go to see the results, the results aren't there and the Scan history usually only lists an automatic scan done at a previous time, and I have to go tot he event viewer to see it. Is there a tool that will allow me to easily view only scans?

Also, is a quick scan sufficient? What does a scan of the OS drive do that is different that the quick scan?