Defender
C:\ProgramData\Microsoft\Windows Defender\Quarantine
C:\ProgramData\Microsoft\Windows Defender\Support
C:\ProgramData\Microsoft\WER
%User Profile%\AppData\Local\Microsoft\Windows\WER
Process log: SHA1, detection, tainted, SDN Query
Microsoft-Windows-Windows Defender%4Operational.evtx
Last updated