Getting Microsoft Security Essentials to alert me when a threat has been found

1

Is there a way of getting Microsoft Security Essentials to alert me when a threat has been found?

I recently went through the log tab of Windows Defender and found a number of threats in the quarantine, but I have no idea how they got there. For future events, I would like to find out if and when I enter a hostile web page by having Microsoft Security EssentialsMicrosoft Security Essentials (or some 3rd party) notify me.

Is this possible? Perhaps some kind of tool that would monitor the Events log?

oligofren

Posted 2014-01-19T20:23:33.390

Reputation: 842

It already should by default. At least mine does, right after a clean installation of the operating system, and using the default settings – Ramhound – 2014-01-19T21:15:17.633

Hmmm ... I guess I am never around when these things happen then. I have never ever received a notification from Windows defender, except for the case when it has somehow been turned off or when the virus definitions are outdated. – oligofren – 2014-01-20T12:07:30.503

Answers

1

Microsoft Security Essentials by default briefly notifies you when it finds a threat and automatically takes care of it, the notification only lasts for a few seconds and that's why you probably never noticed it since it could've happened while you were away from your computer - it looks like this :

Automatic alert screenshot

"Detected threats are being cleaned up, no action required."

You can however disable this behavior and have Security Essentials prompt you before any action (it'll still prevent any malicious file from executing so no risk here), to do so open Security Essential's preferences and uncheck this option :

Preferences screenshot

"Apply recommended actions. Protect your computer by applying these actions when potential threats are detected."

This is a bit misleading since it seems like by disabling this the computer won't be safe anymore, but I've tested it (see below) and it still prevents any threat from executing while asking the user what to do, si it's still safe.

Now if a threat is detected, it'll display an alert like this instead :

Manual alert screenshot

"This application has detected a potential threat and has suspended it. Click on "Cleanup computer" to delete it. - Display details - Cleanup computer"

Clicking "Cleanup computer" will automatically delete the threat (equivalent to what it automatically did before), where as clicking "Display details" will open this window and will allow you to choose what to do (quarantine, delete, or allow the file) and get more info about the file itself :

Threat details screenshot

"This application has detected a potential threat that can affect your privacy or damage your computer. Your access to this file may be suspended until you take action. Click on "Display details" for more information..."

If you'd like to safely test this you can use the EICAR test file which is a harmless file but will be detected by all anti-malware programs as an evil and scary virus.

Copy and paste this string :

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Into a text editor (Notepad will do fine) and save it with the .exe extension (don't forget to select "All files" in the file save dialog, if you leave the default "Text files (.txt)" it'll save it as a .exe.txt which isn't what we want).

And there you go, it should automatically trigger your anti-malware program and you shouldn't be able to execute the file (on my system it says Access denied when I try).

user256743

Posted 2014-01-19T20:23:33.390

Reputation:

Thanks! Exactly what I was wondering. And you are right in thinking that users may think the option disabled security - I did :) – oligofren – 2014-05-21T07:54:38.780

Asked: 2014-01-19T20:23:33.390

Viewed: 1 084 times

Active: 2014-05-20T12:19:49.423