Windows Defender WMI (Zabbix template, export format 5.0, exported 2021-11-21T21:44:21Z, group: Templates)

## Overview
The template uses the **MSFT\_MpComputerStatus** class in Windows WMI to collect information about Windows Defender, such as:
* Antivirus Enabled/Disabled
* RealTimeProtection Enabled/Disabled
* BehaviorMonitor Enabled/Disabled
* OnAccessProtection Enabled/Disabled
* IoavProtection Enabled/Disabled
* Antispyware Enabled/Disabled
* NIS Enabled/Disabled
* Age of last Full/Quick scans
* Last Date of scans
* Computer State
* Age of Signatures
All WMI information is gathered from official Microsoft documentation.
Keep in mind that this might not work with older Windows versions.
I checked the min. Zabbix version 3.4, because some items have regular expression pre-processing. However, that could be removed and the template adapted to older Zabbix versions.
## Author
Zabbix CookBook
Groups: Templates

Applications: Computer State, Features, Scan Ages

Items:

- Anti Spyware Protection Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select AntispywareEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
- AntiSpyware Signature age in days
  - Key: `wmi.get["root\microsoft\windows\defender","select AntispywareSignatureAge from MSFT_MpComputerStatus"]`
  - Update interval: 3h; units: days; application: Scan Ages
  - Trigger (HIGH): `{last()}>5`, "Anti Spyware Signature was not updated for more then 5 days on {HOST.HOST}"
- AntiSpyware Signature Last updated
  - Key: `wmi.get["root\microsoft\windows\defender","select AntispywareSignatureLastUpdated from MSFT_MpComputerStatus"]`
  - Update interval: 3h; trends: 0; value type: TEXT; application: Scan Ages
  - Preprocessing: REGEX, pattern `([0-9]+)`, output `\1`
- Anti Virus Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select AntivirusEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
  - Trigger (WARNING): `{str(True)}<>1`, "Anti Virus Disabled on {HOST.HOST}"
- AntiVirus Signature Age
  - Key: `wmi.get["root\microsoft\windows\defender","select AntivirusSignatureAge from MSFT_MpComputerStatus"]`
  - Update interval: 3h; units: days; application: Scan Ages
  - Trigger (HIGH): `{last()}>5`, "Anti Virus Signature was not updated for more then 5 days on {HOST.HOST}"
- AntiVirus Signature Last updated
  - Key: `wmi.get["root\microsoft\windows\defender","select AntivirusSignatureLastUpdated from MSFT_MpComputerStatus"]`
  - Update interval: 3h; trends: 0; value type: TEXT; application: Scan Ages
  - Preprocessing: REGEX, pattern `([0-9]+)`, output `\1`
- Behavior Monitor Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select BehaviorMonitorEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
  - Trigger (WARNING): `{str(True)}<>1`, "Behavior Monitor Disabled on {HOST.HOST}"
- Current computer state
  - Key: `wmi.get["root\microsoft\windows\defender","select ComputerState from MSFT_MpComputerStatus"]`
  - Update interval: 10m; application: Computer State
  - Trigger (HIGH): `{last()}=16`, "Windows Defender has failed critically on {HOST.HOST}"
- Full Scan Age
  - Key: `wmi.get["root\microsoft\windows\defender","select FullScanAge from MSFT_MpComputerStatus"]`
  - Update interval: 3h; units: !days; application: Scan Ages
  - Trigger (AVERAGE): `{last()}>5`, "Full Scan was not performed for more then 5 days on {HOST.HOST}"
- Ioav Protection Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select IoavProtectionEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
  - Trigger (WARNING): `{str(True)}<>1`, "Ioav Protection Disabled on {HOST.HOST}"
- NIS Protection Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select NISEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
  - Trigger (WARNING): `{str(True)}<>1`, "NIS Protection Disabled on {HOST.HOST}"
- NIIS Signature age in days
  - Key: `wmi.get["root\microsoft\windows\defender","select NISSignatureAge from MSFT_MpComputerStatus"]`
  - Update interval: 3h; units: days; application: Scan Ages
  - Trigger (HIGH): `{last()}>5`, "NIIS Signature was not updated for more then 5 days on {HOST.HOST}"
- NIS Signature Last updated
  - Key: `wmi.get["root\microsoft\windows\defender","select NISSignatureLastUpdated from MSFT_MpComputerStatus"]`
  - Update interval: 3h; trends: 0; value type: TEXT; application: Scan Ages
  - Preprocessing: REGEX, pattern `([0-9]+)`, output `\1`
- OnAccess Protection Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select OnAccessProtectionEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
  - Trigger (WARNING): `{str(True)}<>1`, "OnAccess Protection Disabled on {HOST.HOST}"
- Quick Scan Age
  - Key: `wmi.get["root\microsoft\windows\defender","select QuickScanAge from MSFT_MpComputerStatus"]`
  - Update interval: 3h; units: days; application: Scan Ages
  - Trigger (AVERAGE): `{last()}>3`, "Quick Scan was not performed for more then 3 days on {HOST.HOST}"
- Real Time Protection Enabled
  - Key: `wmi.get["root\microsoft\windows\defender","select RealTimeProtectionEnabled from MSFT_MpComputerStatus"]`
  - Update interval: 1h; trends: 0; value type: CHAR; application: Features
  - Trigger (WARNING): `{str(True)}<>1`, "Real Time Protection Disabled on {HOST.HOST}"
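
To check on a host what the template's items and triggers would report before importing it, the following added example (not part of the template or of Zabbix) reads the same MSFT_MpComputerStatus properties and applies the trigger thresholds listed above. The names `Test-DefenderStatus` and `Get-Result` are hypothetical, and the sample object is constructed so the logic can be exercised without a live Defender instance.

```powershell
# Added example (not part of the template). Test-DefenderStatus is a hypothetical name.
function Test-DefenderStatus {
    param($Status)   # optional: pre-fetched or constructed status object
    if (-not $Status) {
        # Same namespace and class the template's wmi.get[] keys query.
        $Status = Get-CimInstance -Namespace 'root\microsoft\windows\defender' `
            -ClassName 'MSFT_MpComputerStatus' -ErrorAction Stop
    }
    # Items whose trigger fires (WARNING) when the value is not True.
    $flags = 'AntivirusEnabled', 'BehaviorMonitorEnabled', 'IoavProtectionEnabled',
             'NISEnabled', 'OnAccessProtectionEnabled', 'RealTimeProtectionEnabled'
    # Age items: maximum days and severity from the template's {last()}>N triggers.
    $ages = [ordered]@{
        AntispywareSignatureAge = @(5, 'HIGH')
        AntivirusSignatureAge   = @(5, 'HIGH')
        NISSignatureAge         = @(5, 'HIGH')
        FullScanAge             = @(5, 'AVERAGE')
        QuickScanAge            = @(3, 'AVERAGE')
    }
    # A property the class does not return yields NODATA instead of a silent pass.
    function Get-Result($Name, $Value, $Fired, $Severity) {
        $state = if ($null -eq $Value) { 'NODATA' } elseif ($Fired) { $Severity } else { 'OK' }
        [pscustomobject]@{ Property = $Name; Value = $Value; Result = $state }
    }
    foreach ($name in $flags) {
        $v = $Status.$name
        Get-Result $name $v ($v -ne $true) 'WARNING'
    }
    foreach ($name in $ages.Keys) {
        $limit, $severity = $ages[$name]
        $v = $Status.$name
        Get-Result $name $v ($v -gt $limit) $severity
    }
    # The template raises HIGH when ComputerState equals 16.
    $v = $Status.ComputerState
    Get-Result 'ComputerState' $v ($v -eq 16) 'HIGH'
}

# Constructed sample: real-time protection off, stale AV signatures, no NIS age data.
$sample = [pscustomobject]@{
    AntivirusEnabled = $true; BehaviorMonitorEnabled = $true; IoavProtectionEnabled = $true
    NISEnabled = $true; OnAccessProtectionEnabled = $true; RealTimeProtectionEnabled = $false
    AntispywareSignatureAge = 1; AntivirusSignatureAge = 9; FullScanAge = 2
    QuickScanAge = 1; ComputerState = 0
}
Test-DefenderStatus -Status $sample | Format-Table -AutoSize
# On a monitored host, run Test-DefenderStatus with no arguments for live values.
```

A NODATA row on a live host means the class did not return that property, which is how the older-Windows caveat from the overview would show up.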