Troubleshooting and investigation antimalware configurations and malware incidents could require client log analysis. WMI querying provides another method for automating the retrieval of malware issues from protected clients.
- [Man] In this video, I'll discuss client logs and…WMI queries. So we've got a couple of other ways that we…can monitor endpoint protection in terms of its status…on our protective clients, like SCCM in-console monitoring…and Power Shell commandments. Let's dig a little bit…deeper. Starting by talking about getting into…client logs. All endpoint protection clients have…logged information about detected malware as well as…just the functioning of the anti malware client itself.…So with Windows 10 and Server 2016, the location of the…Endpoint Client Logs is under C, Program Data, Microsoft,…Windows Defender, Support. On the Windows 7 side,…you can see in a bit of a different location under C,…Program Data, Microsoft, Microsoft Anti Malware, Support.…
Let's go take a look at where those log files are…in both operating systems and let's take a look to…see what's in the logs. Here in Windows 10, I've got…a shortcut on the desktop that will take me straight…into that support location that we just discussed.…And in here you'll see a number of log files. Now the…
Author
Released
5/12/2017- Malware types
- Getting Endpoint Protection up and running
- Deploying the SCEP Windows client
- Removing malware on a SCEP client
- Configuring custom policies
- Planning an update strategy
- Windows firewall settings
- Using PowerShell cmdlets for monitoring
Skill Level Beginner
Duration
Views
Related Courses
-
Windows 10: Security
with Martin Guidry2h Intermediate -
Windows Server 2016 New Features
with Ed Liberman1h 14m Beginner
-
Introduction
-
Welcome1m 12s
-
What you should know1m 13s
-
-
1. Defining Malware Types
-
Social engineering3m 10s
-
Spyware and adware2m 56s
-
Phishing and ransomware5m 32s
-
-
2 Getting Endpoint Protection Up and Running
-
Server requirements5m 5s
-
Supported clients5m 27s
-
-
3. Endpoint Protection Policies
-
Hardening4m 13s
-
Default policy4m 33s
-
Policy settings5m 25s
-
Configure custom policies3m 51s
-
Plan an update strategy5m 3s
-
Windows firewall settings3m 54s
-
-
4. Monitoring Endpoint Protection
-
In-console monitoring5m 44s
-
Client logs and WMI queries5m 11s
-
Alerts and subscriptions4m 36s
-
Reports7m 45s
-
-
Conclusion
-
Next steps1m 11s
-
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.
CancelTake notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Client logs and WMI queries