Is there a way of getting Microsoft Security Essentials to alert me when a threat has been found?
I recently went through the log tab of Windows Defender and found a number of threats in the quarantine, but I have no idea how they got there. For future events, I would like to find out if and when I enter a hostile web page by having Microsoft Security EssentialsMicrosoft Security Essentials (or some 3rd party) notify me.
Is this possible? Perhaps some kind of tool that would monitor the Events log?
Microsoft Security Essentials by default briefly notifies you when it finds a threat and automatically takes care of it, the notification only lasts for a few seconds and that’s why you probably never noticed it since it could’ve happened while you were away from your computer – it looks like this :
“Detected threats are being cleaned up, no action required.”
You can however disable this behavior and have Security Essentials prompt you before any action (it’ll still prevent any malicious file from executing so no risk here), to do so open Security Essential’s preferences and uncheck this option :
“Apply recommended actions. Protect your computer by applying these actions when potential threats are detected.”
This is a bit misleading since it seems like by disabling this the computer won’t be safe anymore, but I’ve tested it (see below) and it still prevents any threat from executing while asking the user what to do, si it’s still safe.
Now if a threat is detected, it’ll display an alert like this instead :
“This application has detected a potential threat and has suspended it. Click on “Cleanup computer” to delete it. – Display details – Cleanup computer”
Clicking “Cleanup computer” will automatically delete the threat (equivalent to what it automatically did before), where as clicking “Display details” will open this window and will allow you to choose what to do (quarantine, delete, or allow the file) and get more info about the file itself :
“This application has detected a potential threat that can affect your privacy or damage your computer. Your access to this file may be suspended until you take action. Click on “Display details” for more information…”
If you’d like to safely test this you can use the EICAR test file which is a harmless file but will be detected by all anti-malware programs as an evil and scary virus.
Copy and paste this string :
Into a text editor (Notepad will do fine) and save it with the
.exe extension (don’t forget to select “All files” in the file save dialog, if you leave the default “Text files (.txt)” it’ll save it as a
.exe.txt which isn’t what we want).
And there you go, it should automatically trigger your anti-malware program and you shouldn’t be able to execute the file (on my system it says Access denied when I try).