|
|
|
| WinDefLogView v1.05
Copyright (c) 2022 - 2024 Nir Sofer
|
Description
WinDefLogView is a tool for Windows 10 and Windows 11 that reads the event log of Windows Defender (Microsoft-Windows-Windows Defender/Operational) and
displays a log of threats detected by Windows Defender on your system. For every log line, the following information is displayed:
Filename, Detect Time, Threat Name, Severity, Category, Detection User, Action, Origin, and more...
You can view the detected threats log on your local computer, on remote computers on your network, and on external disk plugged to your computer.
System Requirements
- This tool works with Windows Defender of Windows 10 and Windows 11. Both 32-bit and 64-bit systems are supported.
You can also use this tool on older versions of Windows (e.g: Windows 7) to view the data on remote computer with Windows 10/11, or
to view the data stored on external drive with Windows 10 or Windows 11.
- This tool is just a small standalone .exe file that you can run on any system without installing anything.
Versions History
- Version 1.05
- Added option to change the sorting column from the menu (View -> Sort By). Like the column header click sorting, if you click again the same sorting menu item, it'll switch between ascending and descending order. Also, if you hold down the shift key while choosing the sort menu item, you'll get a secondary sorting.
- Added 'Sort By' toolbar button
- Fixed issue: When copying data to the clipboard or exporting to tab-delimited file, every line contained an empty field in the end of the line.
- Version 1.00 - First release.
Start Using WinDefLogView
WinDefLogView doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - WinDefLogView.exe
After running it, the main window of WinDefLogView displays the log of all threats detected on your system by Windows Defender. You can easily export the list to html/xml/tab-delimited/comma-delimited file by using the 'Save Selected Items' option. You can also copy the selected items to the clipboard (Ctrl+C) and then paste them into Excel with Ctrl+V.
View detected threats on remote computer
If you want to view the log of detected Windows Defender threats on remote computer, go to File -> Choose Data Source (or press F7),
choose 'Remote Computer' in the 'load from' combo-box and then type the name or IP address of the remote computer.
You must have full admin access to the remote computer in order to view the detected threats log.
If you want to view the detected threats on multiple remote computers, choose the 'Multiple Remote Computers' option and then
type the names of the computers, delimited by comma.
View detected threats on external drive
If you want to view the log of detected Windows Defender threats on external disk plugged to your computer, go to File -> Choose Data Source (or press F7),
choose 'External Folder' in the 'load from' combo-box and then choose the event log folder on the external drive (For example: G:\Windows\System32\Winevt\Logs).
Be aware that you must have read access to the event log folder and you may need to run this tool as Administrator in order to enable the read access to this folder.
The file needed by this tool is Microsoft-Windows-Windows Defender%4Operational.evtx
If the 'Read archive log files' option is enabled, WinDefLogView will also try to read the archive log files.
Translating WinDefLogView to other languages
In order to translate WinDefLogView to other language, follow the instructions below:
- Run WinDefLogView with /savelangfile parameter:
WinDefLogView.exe /savelangfile
A file named WinDefLogView_lng.ini will be created in the folder of WinDefLogView utility.
- Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language.
Optionally, you can also add your name and/or a link to your Web site.
(TranslatorName and TranslatorURL values) If you add this information, it'll be
used in the 'About' window.
- After you finish the translation, Run WinDefLogView, and all translated
strings will be loaded from the language file.
If you want to run WinDefLogView without the translation, simply rename the language file, or move
it to another folder.
License
This utility is released as freeware.
You are allowed to freely distribute this utility via CD-ROM, DVD,
Internet, or in any other way, as long as you don't charge anything for this and you don't
sell it or distribute it as a part of commercial product.
If you distribute this utility, you must include all files in
the distribution package, without any modification !
Disclaimer
The software is provided "AS IS" without any warranty, either expressed or implied,
including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The author will not be liable for any special, incidental,
consequential or indirect damages due to loss of data or any other reason.
Feedback
If you have any problem, suggestion, comment, or you found a bug in my utility,
you can send a message to support@nirsoft.net
WinDefLogView is also available in other languages. In order to change the language of
WinDefLogView, download the appropriate language zip file, extract the 'windeflogview_lng.ini',
and put it in the same folder that you Installed WinDefLogView utility.
|
|
|