sarathgovind2
Guest
Hi,
I have a concern regarding the Windows Event Viewer (Microsoft-Windows-Windows Defender/Operational).
How do I fetch the current signature version alone for Defender event ID 2000?
I have written the code below:
LPWSTR pwsPath = L"Microsoft-Windows-Windows Defender/Operational";
// XPath query: selects whole events; it cannot return a single field
LPWSTR pwsQuery = L"*[System/EventID=2000]";
// reverse direction: the first result is the most recent event
EVT_HANDLE hResults = EvtQuery(NULL, pwsPath, pwsQuery, EvtQueryChannelPath | EvtQueryReverseDirection);
if (NULL == hResults)
{
    // query failed: report the error rather than seeking on a NULL handle
    wprintf(L"EvtQuery failed: %lu\n", GetLastError());
    return;
}
// fetch the newest matching event; render it (EvtRender) to read its fields
EVT_HANDLE hEvent = NULL;
DWORD dwReturned = 0;
if (EvtNext(hResults, 1, &hEvent, INFINITE, 0, &dwReturned))
{
    EvtClose(hEvent);
}
This will display all the details of event ID 2000; I need only the current signature version of the latest event (event ID 2000).
How do I write pwsQuery to obtain the required result?
[Original Title: Windows Defender]
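The query string in EvtQuery is an event selector, not a projection: an XPath filter such as *[System/EventID=2000] can only decide which events are returned, never which fields. The field has to be read from the rendered event. The following PowerShell is an added example (not the poster's code) that does exactly that for the newest event 2000 in the same channel. It uses Get-WinEvent with the same XPath as the C++ code; the name of the EventData field is matched by pattern because the exact <Data Name="..."> label in event 2000 is assumed here and may differ between Defender builds.

```powershell
# Added example (not the poster's code). Reads the newest Defender event 2000
# and returns only its current signature version.
function Get-DefenderSignatureVersion {
    param(
        [string]$LogName = 'Microsoft-Windows-Windows Defender/Operational',
        # same selector as the C++ EvtQuery call; XPath filters events, not fields
        [string]$XPath   = '*[System/EventID=2000]'
    )

    # Get-WinEvent returns newest first, so -MaxEvents 1 is the equivalent of
    # EvtQueryReverseDirection followed by a single EvtNext.
    $evt = Get-WinEvent -LogName $LogName -FilterXPath $XPath -MaxEvents 1 -ErrorAction Stop

    # The field is extracted from the rendered XML (what EvtRenderEventXml gives
    # you on the C++ side); XPath in the query itself cannot do this.
    [xml]$xml = $evt.ToXml()
    $fields = @($xml.Event.EventData.Data)

    # ASSUMPTION: the field is labelled "Current Signature Version" or, on newer
    # builds, "Current Security Intelligence Version". Adjust the pattern if the
    # labels listed in the error below show something else.
    $pattern = '^Current (Signature|Security Intelligence) Version$'
    $current = $fields |
        Where-Object { $_.GetAttribute('Name') -match $pattern } |
        Select-Object -First 1

    if ($null -eq $current) {
        $names = ($fields | ForEach-Object { $_.GetAttribute('Name') }) -join ', '
        throw "Record $($evt.RecordId): no current-signature-version field. Fields present: $names"
    }

    [pscustomobject]@{
        RecordId         = $evt.RecordId
        TimeCreated      = $evt.TimeCreated
        SignatureVersion = $current.InnerText
    }
}

# Usage: prints the record id, timestamp and signature version of the latest update.
Get-DefenderSignatureVersion
```

The same approach applies in the C++ code: keep the XPath as the selector, take the first event from the reverse-direction query with EvtNext, render it with EvtRender (EvtRenderEventXml, or EvtRenderEventValues with a render context built from EvtCreateRenderContext), and read the single Data value you need from the result. Reading only the latest record rather than every event 2000 also keeps the check cheap enough to run from a scheduled task that alerts when the signature version stops advancing.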