Problem

Microsoft Security Essentials may be installed on up to 10 PCs in your network, and is included in Windows 8 / 8.1. However, it does not offer any kind of central management software. Most settings can be applied through GPO registry settings, but the administrator will also want to be notified when a virus is found on any PC in the network.

Solution

This can be done using group policies.

For example, under Computer Configuration -> Preferences -> Control Panel Settings -> Scheduled Tasks, create a new task.

You can choose the SYSTEM user to run this task, without using a password.

Create a trigger for event ID 1116, source Microsoft Antimalware, log System.

Create an action, "send mail". Enter your mail server's connection data.

To include the dynamic information about which PC generated the event, you could attach a local file that is commonly available on Windows and contains the computer name: c:\windows\debug\netsetup.log
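An alternative to attaching a file, as an added example that is not part of the original page: a PowerShell script the same event-triggered task could run through a "Start a program" action, which puts the computer name and the event text into the mail itself. The SMTP server and addresses are placeholders, and the 10-minute freshness window is an assumption.

```powershell
# Added example, not from the original page. Meant to be started by the
# event-triggered task (running as SYSTEM) instead of the "send mail" action.
# $SmtpServer, $From and $To are placeholders (assumptions); set them for your site.
$SmtpServer = 'smtp.example.invalid'
$From       = 'antimalware-alerts@example.invalid'
$To         = 'admin@example.invalid'

# Same selection as the task trigger: event 1116, source Microsoft Antimalware, System log.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft Antimalware'; Id = 1116 }
$evt = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

# Nothing to report if no matching event exists (e.g. the task was started by hand).
if (-not $evt) { exit 0 }

# Skip stale events so a manual or repeated run does not re-send an old detection.
# The 10-minute window is an assumption.
if ($evt.TimeCreated -lt (Get-Date).AddMinutes(-10)) { exit 0 }

# Collect the event's named data fields without assuming particular field names.
$xml = [xml]$evt.ToXml()
$fields = foreach ($d in $xml.Event.EventData.Data) {
    if ($d.Name) { '{0}: {1}' -f $d.Name, $d.'#text' }
}

# Build a plain-text body: reporting PC first, then the rendered event message.
$body = @(
    "Computer: $env:COMPUTERNAME"
    "Time:     $($evt.TimeCreated.ToString('u'))"
    ''
    $evt.Message
    ''
    '--- Event data ---'
    $fields
) -join "`r`n"

$mail = @{
    SmtpServer = $SmtpServer
    From       = $From
    To         = $To
    Subject    = "Antimalware event 1116 on $env:COMPUTERNAME"
    Body       = $body
}
Send-MailMessage @mail
```

Because the task runs as SYSTEM, the mail server must accept unauthenticated mail from the client PCs for this to work as written.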
