How to view event log?


Annealer

I received a small alert popup in the system tray saying some program made an
approved system change or something to that effect. The alert disappeared
very quickly. I can't find any way to view a list of alerts/events in Windows
Defender. Can anyone tell me if this is possible?

Thanks.
 
In all likelihood, this was a change related to a driver install or perhaps
a hosts file change that you initiated. Start, run, eventvwr.msc and hit
enter.

Look in the system event log.
 
You can go to the System Event log:

Start, run, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected, and use the button provided to paste the content of the
detection back to a message here.
-=-
 
Hi,

I appreciate your response. I already had checked event viewer but the
problem is that it only seems to contain events that generated alerts that I
had to acknowledge. I got another alert just a few minutes ago like the one I
mentioned in my original post and I had a bit more time to see what the alert
was. It was saying mpcmdrun.exe (defender) made some change to something.
However, once again this event wasn't in the event viewer.
 
I think I can identify that alert:

You've checked the box in Windows Defender to be notified of changes made by
"approved" programs (sorry--not precise wording.)

This change happens once per boot--and it is Windows Defender scheduling the
scheduled scan--this gets re-scheduled once per startup--so you will see
this alert each time you start the system.

It's a judgment call: Viruses or spyware might use the scheduler as a
mechanism to keep the trojan or virus alive--so such an alert from software
you don't recognize might be significant--but in return, you'll be lulled by
seeing this alert on each startup.

Personally, I only turn on that setting when I am installing something and
want to get a clearer idea what it does--and then I turn it off again.
 