none
How to auto send alert if when Windows Defender found and quarantined a suspected malware? RRS feed

  • Question

  • Is there a configuration/setting in Windows Server to automatically send an alert to a list of administrators if when Windows Defender found and quarantined a suspected malware? If not, is there a way to script it so that it'll send a notification to a list administrators?

    Thank you.

    Wednesday, November 13, 2019 8:28 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    We can try the application in the following article.

    From the article, we can see:

    Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.

    You can use Microsoft Defender Security Center to:

    1. View, sort, and triage alerts from your endpoints
    2. Search for more information on observed indicators such as files and IP Addresses
    3. Change Microsoft Defender ATP settings, including time zone and review licensing information.


    For more information, we can refer to the article.
    Microsoft Defender Security Center portal overview
    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/portal-overview





    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 14, 2019 7:34 AM
    Moderator
  • Thank you for the reply. Is Microsoft Defender ATP came built-in with Windows Server 2012 and 2016? If not, is it free to download and use? If it's not free, then back to my original question about Windows Defender. Can Windows Defender be setup to send alert to administrators if it found a suspected malware and has already quarantined the file? If there is no such thing/setting, is there a possibility to write some type of script to send alerts?
    Thursday, November 14, 2019 2:16 PM
  • Hi,
    Q1: Is Microsoft Defender ATP came built-in with Windows Server 2012 and 2016?
    A1: No, it is not built-in.

    Q2: If not, is it free to download and use?
    A2: According to the link in last reply, we can sign up for a free trial.

    Q3: If it's not free, then back to my original question about Windows Defender. Can Windows Defender be setup to send alert to administrators if it found a suspected malware and has already quarantined the file?
    A3: According to my knowledge, ther is no such setting.

    Q4: If there is no such thing/setting, is there a possibility to write some type of script to send alerts?
    A4: I would like to suggest you post it to the Script Center, there will be many professional engineers sharing their experience with you.

    Script Centerhttps://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=scripting



    Meanwhile, there are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus. For more information, we can refer to the following article.

    Report on Windows Defender Antivirus
    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 15, 2019 5:34 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 18, 2019 1:44 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 20, 2019 2:52 AM
    Moderator