diff --git a/config/plugin/windows_defender_problem.ps1 b/config/plugin/windows_defender_problem.ps1
new file mode 100644
index 000000000..d2d0f4a38
--- /dev/null
+++ b/config/plugin/windows_defender_problem.ps1
@@ -0,0 +1,10 @@
+# This plugin checks to see if windows defender detects any threats to the node.
+
+$windowsDefenderThreats = (Get-MpThreat | Where-Object {$_.IsActive -or $_.DidThreatExecute})
+
+if ($windowsDefenderThreats.length -ne 0) {
+ Write-Host $windowsDefenderThreats
+ exit 1
+} else {
+ exit 0
+}
diff --git a/config/windows-defender-monitor.json b/config/windows-defender-monitor.json
new file mode 100644
index 000000000..2c46b8c63
--- /dev/null
+++ b/config/windows-defender-monitor.json
@@ -0,0 +1,21 @@
+{
+ "plugin": "custom",
+ "pluginConfig": {
+ "invoke_interval": "10m",
+ "timeout": "5s",
+ "max_output_length": 80,
+ "concurrency": 3
+ },
+ "source": "windows-defender-custom-plugin-monitor",
+ "metricsReporting": true,
+ "conditions": [],
+ "rules": [
+ {
+ "type": "temporary",
+ "reason": "WindowsDefenderThreatsDetected",
+ "path": "./config/plugin/windows_defender_problem.ps1",
+ "timeout": "3s"
+ }
+ ]
+ }
+ 
\ No newline at end of file
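Review bot: If `Get-MpThreat` itself fails (Defender module not installed, service stopped, insufficient privilege), the error goes to the error stream, `$windowsDefenderThreats` stays empty and the script falls through to `exit 0`, so a node that could not be checked at all is reported healthy. The call should run with `-ErrorAction Stop` inside `try`/`catch` and exit with a code other than 0 or 1 on failure, which the custom-plugin protocol presumably surfaces as Unknown rather than OK. `$windowsDefenderThreats.length` is also fragile across the zero/one/many results the pipeline can produce; wrapping it in `@(...)` and testing `.Count` is the usual idiom. Finally, `Write-Host` of the CIM objects prints little more than their type name and writes to the host stream rather than the success output stream; emitting the `ThreatName` values with `Write-Output` keeps the report meaningful within the configured `max_output_length`.
```powershell
try {
    $threats = @(Get-MpThreat -ErrorAction Stop | Where-Object { $_.IsActive -or $_.DidThreatExecute })
} catch {
    Write-Output "Get-MpThreat failed: $($_.Exception.Message)"
    exit 2   # neither OK (0) nor NonOK (1): the check itself could not run
}

if ($threats.Count -ne 0) {
    Write-Output (($threats | ForEach-Object { $_.ThreatName }) -join ', ')
    exit 1
}
exit 0
```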
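Review bot: The rule-level `"timeout": "3s"` is tight for a check that has to start a PowerShell host and query the Defender service over CIM; a cold start commonly takes a second or more on its own, so the rule is likely to time out intermittently and flap between OK and a timed-out result. Something like `"timeout": "30s"` (and likewise for the `pluginConfig` default of `"5s"`, which is equally short for a PowerShell plugin) gives the query room without affecting the 10-minute `invoke_interval`. The last added line is whitespace-only and the file has no trailing newline; drop it so the file ends at the closing `}`. The relative `"path": "./config/plugin/..."` resolves against the daemon's working directory, which presumably matches how the other plugin configs in this directory reference their scripts.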