Event Viewer > Application and Services > Microsoft > Windows > Windows Defender > Operational
Get the full message using PowerShell:
> Get-WinEvent -FilterHashtable @{logname='Microsoft-Windows-Windows Defender/Operational'; id=1123} | Select-Object -ExpandProperty Message
I added "C:\ubin\" to PATH and put all my custom BAT files there. Create 'blockedmessage.bat' as follows and add it to C:\ubin\ :
@echo off
REM *** KK-20191203
REM *** list full blocked message by defender
powershell -command "Get-WinEvent -FilterHashtable @{logname='Microsoft-Windows-Windows Defender/Operational'; id=1123} | Select-Object -ExpandProperty Message"
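
The Message text is free-form, but each event also carries its details as named data fields in the event XML. As an added example (not part of the original post), this PowerShell function turns the XML of each 1123 event into an object with one property per field, so blocks can be grouped per process. The sample event and the field names "Path" and "Process Name" are constructed for illustration; check them against a real event on your machine.

```powershell
# Added example: turn Defender event XML into objects, one property per
# named <Data> element, instead of reading the free-text Message.
function ConvertFrom-DefenderEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        $row = [ordered]@{
            TimeCreated = $doc.Event.System.TimeCreated.SystemTime
        }
        # Copy every named data field; unnamed elements are skipped.
        foreach ($d in $doc.Event.EventData.Data) {
            if ($d.Name) { $row[$d.Name] = $d.'#text' }
        }
        [pscustomobject]$row
    }
}

# Constructed sample event (field names and values are assumptions).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>1123</EventID>
    <TimeCreated SystemTime="2019-12-03T10:15:00.000Z" />
  </System>
  <EventData>
    <Data Name="Path">C:\Users\demo\Documents</Data>
    <Data Name="Process Name">C:\ubin\example.exe</Data>
  </EventData>
</Event>
'@

# Offline check against the sample.
$sample | ConvertFrom-DefenderEventXml | Format-List

# Live log, same filter as above: count blocks per process.
# Get-WinEvent -FilterHashtable @{logname='Microsoft-Windows-Windows Defender/Operational'; id=1123} |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-DefenderEventXml |
#     Group-Object 'Process Name' | Sort-Object Count -Descending |
#     Select-Object Count, Name
```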