Antivirus (sec-av)
Checks the status of Windows Defender: real-time protection, signature freshness, and detected threats.
Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| enabled | bool | true | Enable or disable the module |
| signature_age_warning_hours | int | 48 | Signature age (hours) above which a warning is raised |
| signature_age_error_hours | int | 168 | Signature age (hours) above which an error is raised (168 h = 7 days) |
| check_third_party_av | bool | true | Also check for third-party antivirus products |
YAML Example
```yaml
sec_av:
  enabled: true
  signature_age_warning_hours: 24
  signature_age_error_hours: 72
  check_third_party_av: true
```
Diagnostic Codes
| Code | Severity | Meaning | Recommendation |
|---|---|---|---|
| 3000 | 0 | Defender active, no threats | — |
| 3001 | 2 | Malware detected | Investigate and remediate the threat immediately |
| 3002 | 1–2 | Signatures outdated | Run Windows Update |
| 3003 | 2 | Real-time protection or service disabled | Re-enable Defender |
| 3090 | 1 | Unable to query Defender status | Check PowerShell permissions |
- Linux: Not available (ClamAV support planned).
- Windows: Checks Windows Defender via Get-MpComputerStatus and Get-MpThreatDetection.
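The checks above, written out in PowerShell as an added example that is not the module's own implementation. Property names are those of Get-MpComputerStatus; the severity mapping for code 3002 (warning threshold gives 1, error threshold gives 2) and the treatment of every Get-MpThreatDetection entry as an active detection are assumptions, since the page does not specify them.

```powershell
# Added example: map Defender state to the sec_av diagnostic codes.
# Thresholds default to the values in the YAML example above.
function Get-SecAvDiagnostic {
    param(
        [int]$SignatureAgeWarningHours = 24,
        [int]$SignatureAgeErrorHours   = 72
    )

    try {
        $status  = Get-MpComputerStatus  -ErrorAction Stop
        $threats = @(Get-MpThreatDetection -ErrorAction Stop)
    } catch {
        # 3090: the cmdlets failed (missing module, insufficient rights, AMSI/WMI error)
        return [pscustomobject]@{ Code = 3090; Severity = 1; Detail = $_.Exception.Message }
    }

    # 3003: engine service or real-time protection is off
    if (-not $status.AMServiceEnabled -or -not $status.RealTimeProtectionEnabled) {
        return [pscustomobject]@{ Code = 3003; Severity = 2
                                  Detail = 'Real-time protection or Defender service disabled' }
    }

    # 3001: detections reported (assumption: every entry counts, including historical ones)
    if ($threats.Count -gt 0) {
        return [pscustomobject]@{ Code = 3001; Severity = 2
                                  Detail = "$($threats.Count) threat detection(s) reported" }
    }

    # 3002: signature age measured from the last signature update timestamp
    $ageHours = ((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours
    if ($ageHours -ge $SignatureAgeErrorHours) {
        return [pscustomobject]@{ Code = 3002; Severity = 2
                                  Detail = ('Signatures {0:N0} h old (error threshold {1} h)' -f $ageHours, $SignatureAgeErrorHours) }
    }
    if ($ageHours -ge $SignatureAgeWarningHours) {
        return [pscustomobject]@{ Code = 3002; Severity = 1
                                  Detail = ('Signatures {0:N0} h old (warning threshold {1} h)' -f $ageHours, $SignatureAgeWarningHours) }
    }

    # 3000: everything healthy
    return [pscustomobject]@{ Code = 3000; Severity = 0; Detail = 'Defender active, signatures current, no threats' }
}

# Usage: evaluate with the thresholds from the YAML example
Get-SecAvDiagnostic -SignatureAgeWarningHours 24 -SignatureAgeErrorHours 72 | Format-List
```

Run it from an elevated PowerShell session on Windows; on a host without the Defender cmdlets the function returns code 3090 rather than throwing.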