The Microsoft Windows Defender agent plugin is an extension for the monitoring software Checkmk.
It can be integrated into Checkmk 2.3 or newer.
You can download the extension package as an .mkp file from the releases in this repository and upload it directly to your Checkmk site.
See the Checkmk documentation for details.
The plugin provides monitoring of Windows Defender health, including running mode, enabled features, scan age, and outdated signatures.
See Check Details for more information.
This check monitors the health of the Windows Defender. It provides information about
- Expected Running Mode
- Expected Enabled Features
- Quick Scan Age in Days
- Full Scan Age in Days
- Signatures out of Date
- Expected Running Mode: Define the expected running mode for the Windows Defender. If the actual mode differs from the expected mode, then the service will be CRIT.
- Expected Enabled Features: Select which Windows Defender features must be enabled. If any of the selected features are disabled on the system, then the service will be CRIT. The default selection includes all protection features.
- Max. Quick Scan Age: Specify the upper thresholds for the maximum age of the last quick scan. The default values are 3 days (WARN) and 6 days (CRIT). To ignore the quick scan age, select "No levels".
- Max. Full Scan Age: Specify the upper thresholds for the maximum age of the last full scan. There are no default thresholds. To ignore the full scan age, select "No levels".
- Outdated Signatures State: Set the service state when Windows Defender signatures are outdated. By default, Windows Defender considers signatures outdated after 14 days, but this can be configured via Group Policy, SCCM, etc. The default severity level is WARN.