As you may know, I have been playing with OMS for a while, especially on the Log Analytics side and some of the security items. One of the solutions I added early on was the Antimalware Assessment solution.
What the Antimalware Assessment does is first of all check whether you are protected at all. It recognizes a number of antivirus products, and it will also flag a machine on which nothing is recognized other than the last run of the Malicious Software Removal Tool, which ships with Windows Update every month. For System Center Endpoint Protection, for instance, it can also pick up on detected threats.
Today I had a chance to see that part in action as well.
So I got the following email:
It also names which machine is involved, among other details.
So I went to my OMS workspace and went into the Antimalware Assessment to find this:
From here we can see which machine was affected, and also that the threat has already been quarantined. The second blade shows which item was found and at what time.
If you click on the threat or the machine, you get to see the log entries that led to this alert. They include details such as which files were found in which path …
Read more here: Bob