diff --git a/doc/300-Knowledge-Base.md b/doc/300-Knowledge-Base.md index 292df4af..7fd6999d 100644 --- a/doc/300-Knowledge-Base.md +++ b/doc/300-Knowledge-Base.md @@ -19,3 +19,4 @@ For this reason you will find a list of Icinga knowledge base entries below. Ent | [IWKB000009](knowledgebase/IWKB000009.md) | The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | | [IWKB000010](knowledgebase/IWKB000010.md) | The Icinga PowerShell Framework is either not installed on the system or not configured properly. Please check https://icinga.com/docs/windows for further details Error: The term 'Use-Icinga' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. | | [IWKB000011](knowledgebase/IWKB000011.md) | The Icinga PowerShell Framework is either not installed on the system or not configured properly. Please check https://icinga.com/docs/windows for further details Error: The term 'Use-Icinga' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. | +| [IWKB000012](knowledgebase/IWKB000012.md) | Icinga for Windows cannot be used with Microsoft Defender: `Windows Defender Antivirus has detected malware or other potentially unwanted software` | diff --git a/doc/images/04_knowledgebase/IWKB000012/01_Defender_Log.png b/doc/images/04_knowledgebase/IWKB000012/01_Defender_Log.png new file mode 100644 index 00000000..a335f486 Binary files /dev/null and b/doc/images/04_knowledgebase/IWKB000012/01_Defender_Log.png differ 
diff --git a/doc/knowledgebase/IWKB000012.md b/doc/knowledgebase/IWKB000012.md new file mode 100644 index 00000000..3ae283b7 --- /dev/null +++ b/doc/knowledgebase/IWKB000012.md @@ -0,0 +1,19 @@ +# Icinga Knowledge Base - IWKB000012 + +## Short Message + +Icinga for Windows cannot be used with Microsoft Defender: `Windows Defender Antivirus has detected malware or other potentially unwanted software` + +## Example Exception + +![EventLog Defender](../images/04_knowledgebase/IWKB000012/01_Defender_Log.png) + +## Reason + +Icinga for Windows is using many `Functions` and `Cmdlets` and different `Add-Type` features, to accomplish an overall monitoring of the Windows environment. In some cases it can happen, that false positives are generated, preventing the usage of Icinga for Windows. + +## Solution + +In case you are running into the above problem, please [open a new issue](https://github.com/Icinga/icinga-powershell-framework/issues) and provide us with as much information as possible, allowing us to verify the problem and providing a solution. + +In addition, please ensure that your Microsoft Defender is up-to-date and the latest patches are installed for the detection engine.
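Review bot: The short message in the new IWKB000012 row of doc/300-Knowledge-Base.md says Icinga for Windows "cannot be used with Microsoft Defender", which reads as a general incompatibility. The Reason section of the new page only describes false positives that occur "in some cases". Suggest rewording the short message, both in the table row and in IWKB000012.md where it is repeated, so it describes the symptom: Microsoft Defender flags Icinga for Windows components as malware or potentially unwanted software.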
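Review bot: The Solution section of doc/knowledgebase/IWKB000012.md asks for "as much information as possible" but does not say what is needed to verify a detection. Suggest listing the details to attach to the issue, such as the detection name and the flagged file or command from the Defender event, plus the Framework version and the Defender signature version in use. The Example Exception section consists of a screenshot only, so adding the event text alongside it would make the entry findable by searching for the error message. Minor wording point in the Reason section: drop the comma in "it can happen, that".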