Event ID 1006 — ProductName has detected malware or other potentially unwanted software.

Provider: Microsoft-Windows-Windows Defender
Channel: Operational
Collection Priority: Recommended (Microsoft-Defender, others)

Description

ProductName has detected malware or other potentially unwanted software.

Message

%1 has detected malware or other potentially unwanted software.
 For more information please see the following:
%15
 	Name: %11
 	ID: %12
 	Severity: %25
 	Category: %26
 	Path Found: %16
 	Detection Type: %22
 	Detection Source: %5
 	Status: %20
 	User: %8\%9
 	Process Name: %7
 	Security intelligence Version: %27
 	Engine Version: %28

Fields

Name Description
ProductName UnicodeString
ProductVersion UnicodeString
DetectionID UnicodeString
DetectionSourceIndex UnicodeString
DetectionSource UnicodeString
Unused UnicodeString
ProcessName UnicodeString
Domain UnicodeString
User UnicodeString
SID UnicodeString
ThreatName UnicodeString
ThreatID UnicodeString
SeverityID UnicodeString
CategoryID UnicodeString
PathFound UnicodeString
DetectionOriginIndex UnicodeString
DetectionOrigin UnicodeString
ExecutionStatusIndex UnicodeString
ExecutionStatus UnicodeString
DetectionTypeIndex UnicodeString
DetectionType UnicodeString
Unused2 UnicodeString
Unused3 UnicodeString
SeverityName UnicodeString
CategoryName UnicodeString
SecurityintelligenceVersion UnicodeString
EngineVersion UnicodeString

References