Topic title: Protection log is empty


madgrok, Phoenix,
Using the page https://demo.wd.microsoft.com/ I was unable to reproduce the problem on 20H2 19042.610 and Dev. Specifically, with SmartScreen disabled I downloaded the test files
Virus protection https://wdtestgroundstorage.blob.cor...idatecloud.exe
PUA http://amtso.eicar.org/PotentiallyUnwanted.exe

After detection and/or blocking, the events are present in the log of the Windows Security app

and in the event log
Code:
Get-WinEvent -FilterHashtable @{LogName="Microsoft-Windows-Windows Defender/Operational"; Id=1116,1117} -MaxEvents 10 | ft -Wrap


   ProviderName: Microsoft-Windows-Windows Defender

TimeCreated                      Id LevelDisplayName Message
-----------                      -- ---------------- -------
07.11.2020 12:36:35            1116 Warning          Microsoft Defender Antivirus has detected malware or other potenti
                                                     ally unwanted software.
                                                      For more information please see the following:
                                                     https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/EICAR
                                                     _Test_File&threatid=224688&enterprise=0
                                                        Name: PUA:Win32/EICAR_Test_File
                                                        ID: 224688
                                                        Severity: Low
                                                        Category: Potentially Unwanted Software
                                                        Path: file:_C:\Users\User\Downloads\PotentiallyUnwanted.exe; we
                                                     bfile:_C:\Users\User\Downloads\PotentiallyUnwanted.exe|http://amt
                                                     so.eicar.org/PotentiallyUnwanted.exe|pid:11840,ProcessStart:132492
                                                     153952224654
                                                        Detection Origin: Internet
                                                        Detection Type: Concrete
                                                        Detection Source: Downloads and attachments
                                                        User: PC\User
                                                        Process Name: Unknown
                                                        Security intelligence Version: AV: 1.327.473.0, AS: 1.327.473.0,
                                                      NIS: 1.327.473.0
                                                        Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
07.11.2020 12:35:33            1117 Information      Microsoft Defender Antivirus has taken action to protect this mach
                                                     ine from malware or other potentially unwanted software.
                                                      For more information please see the following:
                                                     https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/
                                                     Bladabindi!ml&threatid=2147748148&enterprise=0
                                                        Name: Backdoor:Win32/Bladabindi!ml
                                                        ID: 2147748148
                                                        Severity: Severe
                                                        Category: Backdoor
                                                        Path: file:_C:\Users\User\Downloads\validatecloud.exe; webfile:
                                                     _C:\Users\User\Downloads\validatecloud.exe|https://wdtestgroundst
                                                     orage.blob.core.windows.net/public/validate/validatecloud.exe|pid:
                                                     9308,ProcessStart:132492153262273879
                                                        Detection Origin: Internet
                                                        Detection Type: FastPath
                                                        Detection Source: Downloads and attachments
                                                        User: NT AUTHORITY\SYSTEM
                                                        Process Name: Unknown
                                                        Action: Quarantine
                                                        Action Status:  No additional actions required
                                                        Error Code: 0x00000000
                                                        Error description: The operation completed successfully.
                                                        Security intelligence Version: AV: 1.327.473.0, AS: 1.327.473.0,
                                                      NIS: 1.327.473.0
                                                        Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
07.11.2020 12:35:26            1116 Warning          Microsoft Defender Antivirus has detected malware or other potenti
                                                     ally unwanted software.
                                                      For more information please see the following:
                                                     https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/
                                                     Bladabindi!ml&threatid=2147748148&enterprise=0
                                                        Name: Backdoor:Win32/Bladabindi!ml
                                                        ID: 2147748148
                                                        Severity: Severe
                                                        Category: Backdoor
                                                        Path: file:_C:\Users\User\Downloads\validatecloud.exe; webfile:
                                                     _C:\Users\User\Downloads\validatecloud.exe|https://wdtestgroundst
                                                     orage.blob.core.windows.net/public/validate/validatecloud.exe|pid:
                                                     9308,ProcessStart:132492153262273879
                                                        Detection Origin: Internet
                                                        Detection Type: FastPath
                                                        Detection Source: Downloads and attachments
                                                        User: PC\User
                                                        Process Name: Unknown
                                                        Security intelligence Version: AV: 1.327.473.0, AS: 1.327.473.0,
                                                      NIS: 1.327.473.0
                                                        Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
07.11.2020 12:33:07            1117 Information      Microsoft Defender Antivirus has taken action to protect this mach
                                                     ine from malware or other potentially unwanted software.
                                                      For more information please see the following:
                                                     https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/
                                                     Bladabindi!ml&threatid=2147748148&enterprise=0
                                                        Name: Backdoor:Win32/Bladabindi!ml
                                                        ID: 2147748148
                                                        Severity: Severe
                                                        Category: Backdoor
                                                        Path: file:_C:\Users\User\Downloads\validatecloud.exe; webfile:
                                                     _C:\Users\User\Downloads\validatecloud.exe|https://wdtestgroundst
                                                     orage.blob.core.windows.net/public/validate/validatecloud.exe|pid:
                                                     25596,ProcessStart:132492151800183820
                                                        Detection Origin: Internet
                                                        Detection Type: FastPath
                                                        Detection Source: Downloads and attachments
                                                        User: NT AUTHORITY\SYSTEM
                                                        Process Name: Unknown
                                                        Action: Quarantine
                                                        Action Status:  No additional actions required
                                                        Error Code: 0x00000000
                                                        Error description: The operation completed successfully.
                                                        Security intelligence Version: AV: 1.327.473.0, AS: 1.327.473.0,
                                                      NIS: 1.327.473.0
                                                        Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
07.11.2020 12:33:01            1116 Warning          Microsoft Defender Antivirus has detected malware or other potenti
                                                     ally unwanted software.
                                                      For more information please see the following:
                                                     https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/
                                                     Bladabindi!ml&threatid=2147748148&enterprise=0
                                                        Name: Backdoor:Win32/Bladabindi!ml
                                                        ID: 2147748148
                                                        Severity: Severe
                                                        Category: Backdoor
                                                        Path: file:_C:\Users\User\Downloads\validatecloud.exe; webfile:
                                                     _C:\Users\User\Downloads\validatecloud.exe|https://wdtestgroundst
                                                     orage.blob.core.windows.net/public/validate/validatecloud.exe|pid:
                                                     25596,ProcessStart:132492151800183820
                                                        Detection Origin: Internet
                                                        Detection Type: FastPath
                                                        Detection Source: Downloads and attachments
                                                        User: PC\User
                                                        Process Name: Unknown
                                                        Security intelligence Version: AV: 1.327.473.0, AS: 1.327.473.0,
                                                      NIS: 1.327.473.0
                                                        Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5



So I am not going to file this in the Feedback Hub. You are welcome to. Send the problem with a recording of the steps. See also https://www.outsidethebox.ms/19142/#feedbacktips

-------
Windows 11 channel, etc | Chat @winsiders


Posted: 12:43, 07-11-2020 | #12
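The reply above shows that detections can be confirmed from the Defender operational log even when the Protection history view looks empty. The script below is an added example (not code from the forum post or from Microsoft) that extends that check: it reads events 1116 (detection) and 1117 (action taken) through their EventData fields rather than the wrapped Message text, then compares the count with what the Defender PowerShell module's detection store reports, so a reader can tell "nothing was detected" apart from "the engine recorded it but the history view does not show it". It assumes Windows 10/11 with the Defender module available and an elevated PowerShell; the EventData field names used ("Threat Name", "Severity Name", "Action Name", "Path") are assumed from the Microsoft-Windows-Windows Defender provider and should be checked against the XML view of a real 1116 event on your build.

```powershell
# Added example, not from the forum post: cross-check the Defender event log
# (1116 = detection, 1117 = action taken) against the Defender module's
# detection store.
# Assumptions: Windows 10/11, Defender module present, elevated PowerShell;
# the EventData field names below are those of the Microsoft-Windows-Windows
# Defender provider (verify against the XML view of a real 1116 event).
param(
    [int]$Days = 7,
    [int]$MaxEvents = 200
)

function Get-DefenderEventField {
    # Read a named EventData field from the event XML instead of parsing the
    # wrapped, locale-dependent Message text shown by Format-Table -Wrap.
    param(
        [System.Diagnostics.Eventing.Reader.EventRecord]$Event,
        [string]$Name
    )
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = (Get-Date).AddDays(-$Days)
}
# Get-WinEvent reports an error when nothing matches; treat that as "no entries".
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue)

$fromLog = @(foreach ($e in $events) {
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Id       = $e.Id
        Threat   = Get-DefenderEventField $e 'Threat Name'
        Severity = Get-DefenderEventField $e 'Severity Name'
        Action   = if ($e.Id -eq 1117) { Get-DefenderEventField $e 'Action Name' } else { 'detected' }
        Path     = Get-DefenderEventField $e 'Path'
    }
})

# What the engine's own detection store reports; Get-MpThreat maps the numeric
# ThreatID to a readable name.
$names = @{}
foreach ($t in @(Get-MpThreat -ErrorAction SilentlyContinue)) { $names[$t.ThreatID] = $t.ThreatName }
$fromStore = @(Get-MpThreatDetection -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Time   = $_.InitialDetectionTime
        Threat = $names[$_.ThreatID]
        Path   = ($_.Resources -join '; ')
    }
})

"Event log entries (1116/1117), last $Days days : $($fromLog.Count)"
"Detections in the Defender detection store     : $($fromStore.Count)"
if ($fromLog.Count -gt 0 -and $fromStore.Count -eq 0) {
    "The engine logged detections but the detection store reports none: detection itself works; the history/store is what to investigate."
}
$fromLog | Sort-Object Time -Descending | Format-Table -AutoSize -Wrap
```

Run it as `.\Check-DefenderHistory.ps1 -Days 30` (file name is a placeholder) after triggering a test detection the way the post describes. Reading the EventData fields rather than the Message text also keeps the output stable on localized Windows builds, where the message strings differ but the field names do not.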
