Friday 10 July 2020

You can manage settings and control virtually any aspect of the Microsoft Defender Antivirus using PowerShell commands, and in this guide, we'll help you get started.

On Windows 10, Microsoft Defender Antivirus (formerly Windows Defender Antivirus) is part of the Windows Security experience, and it provides robust real-time protection against viruses, ransomware, spyware, rootkits, and many other forms of malware and hackers.

Although you can easily control everyday antivirus tasks through the Windows Security app, you can also manage the anti-malware solution using PowerShell commands, which can come in handy in many scenarios: for example, when you're trying to customize an option that isn't available via the graphical user interface (GUI), such as scheduling a quick or full scan or a signature update, or when you need to create scripts to automate some Microsoft Defender tasks. Using commands instead of a GUI can also speed up the configuration process, especially when you need to apply the same settings on multiple installations of Windows 10.

In this Windows 10 guide, we'll walk you through the steps to get started managing Microsoft Defender Antivirus with PowerShell commands.

How to check status of Microsoft Defender

To check the current status of Microsoft Defender using PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to see the Microsoft Defender Antivirus status and press Enter:

    Get-MpComputerStatus

  4. Confirm that AntivirusEnabled reads True to know the security solution is running.

In addition to checking whether the antivirus is running, the command output also displays other important information, such as the version of the engine and product version, real-time protection status, last time updated, and more.

How to check for updates on Microsoft Defender

To use PowerShell to update Microsoft Defender Antivirus with the latest definition, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to check for and install Microsoft Defender Antivirus definition updates and press Enter:

    Update-MpSignature

Once you complete the steps, if new updates are available, they will download and install on your device.

How to perform quick virus scan with Microsoft Defender

To complete a quick scan using PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to start a quick virus scan and press Enter:

    Start-MpScan -ScanType QuickScan

After you complete the steps, Microsoft Defender Antivirus will perform a quick virus scan on your device.

How to perform full virus scan with Microsoft Defender

To complete a full scan using commands on Windows 10, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to start a full virus scan and press Enter:

    Start-MpScan -ScanType FullScan

Once you complete the steps, the antivirus for Windows 10 will scan the entire system for any malware and malicious code.

How to perform custom virus scan with Microsoft Defender

To set up a custom scan using PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to perform a custom Microsoft Defender Antivirus scan and press Enter:

    Start-MpScan -ScanType CustomScan -ScanPath PATH\TO\FOLDER-FILES

    In the command, make sure to update the path with the folder location you want to scan.

    For example, this command scans the Downloads folder:

    Start-MpScan -ScanType CustomScan -ScanPath "C:\Users\user\Downloads"

After you complete the steps, Microsoft Defender will only scan for viruses in the location you specified.

How to perform offline virus scan with Microsoft Defender

Microsoft Defender Antivirus also provides an offline scan option, which will come in handy when malware has infected the device and the antivirus isn't able to remove it while Windows 10 is fully loaded.

To start an offline scan, use these steps:

Quick note: Before proceeding, make sure to save any work you may have open, as the command will immediately restart the device to perform an offline scan.

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to start an offline virus scan and press Enter:

    Start-MpWDOScan

Once you complete the steps, the device will restart automatically. It'll boot into the recovery environment, and it'll perform a full scan to remove viruses that otherwise couldn't be detected during the normal operation of Windows 10. After the scan, the device will restart automatically, and then you can view the scan report on Windows Security > Virus & threat protection > Protection history.

See this comprehensive guide to learn about offline scanning with Microsoft Defender Antivirus.

How to delete active threat on Microsoft Defender

To remove all active threats from your computer, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to eliminate active threats using Microsoft Defender and press Enter:

    Remove-MpThreat

After you complete the steps, the anti-malware solution will eliminate any active threats on the computer. Although this is an interesting command, it'll only work for threats that the antivirus hasn't already mitigated.

How to change preferences on Microsoft Defender

Using PowerShell commands, it's also possible to configure various features of the Microsoft Defender Antivirus. For example, you can exclude locations and files, specify quarantine retention period, run different scans, schedule virus scans, change scan preferences, and much more.

List preferences

To list all the available preferences for Microsoft Defender with PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to get a full list of the current configurations for the Microsoft Defender Antivirus and press Enter:

    Get-MpPreference

Once you complete the steps, you'll understand all the settings that you can configure with the built-in antivirus.

The following commands are some examples of the preferences that you can customize using PowerShell.

Exclude locations

Microsoft Defender Antivirus includes an option to exclude folder locations from real-time and scheduled scanning.

To exclude a folder path with PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to exclude a folder and press Enter:

    Set-MpPreference -ExclusionPath PATH\TO\FOLDER

    In the command, make sure to replace "PATH\TO\FOLDER" with the path you want to exclude.

    For example, this command excludes the Users folder from being scanned:

    Set-MpPreference -ExclusionPath C:\Users

After you complete the steps, Microsoft Defender will ignore the folders you specified during real-time and scheduled scanning.

If you want to remove a folder from the exclusion list, you can use this command: Remove-MpPreference -ExclusionPath "PATH\TO\FOLDER-FILES", and don't forget to update the command with the path you wish to remove.

Exclude file type

In addition to excluding locations, you can prevent certain file types from being scanned with Microsoft Defender.

To exclude a file type with PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to exclude a file type and press Enter:

    Set-MpPreference -ExclusionExtension EXTENSION

    In the command, make sure to replace "EXTENSION" with the extension you want to exclude.

    For example, this command excludes the Microsoft Word files from being scanned:

    Set-MpPreference -ExclusionExtension docx

Once you complete the steps, the file extension will be added to the database of formats that need to be ignored during malware real-time, custom, or scheduled scanning.

If you need to remove an extension from the exclusion list, then you can use this command: Remove-MpPreference -ExclusionExtension EXTENSION and don't forget to update the command with the extension you wish to remove.

Quarantine time before deletion

You can also specify the number of days to keep threats in quarantine with these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to specify the days to keep items in quarantine and press Enter:

    Set-MpPreference -QuarantinePurgeItemsAfterDelay DAYS

    In the command, make sure to replace "DAYS" with the number of days you want to keep items.

    For example, this command keeps items for 30 days before being deleted:

    Set-MpPreference -QuarantinePurgeItemsAfterDelay 30

    Quick tip: You can use the value of "0" (zero) or no value to keep items indefinitely.

After you complete the steps, items in the Quarantine folder will be deleted automatically after the period you specified.

Schedule quick scan

To schedule a daily quick malware scan with a PowerShell command, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to schedule a daily quick scan and press Enter:

    Set-MpPreference -ScanScheduleQuickScanTime SCAN-TIME

    In the command, make sure to replace "SCAN-TIME" with the time in 24-hour format you want to run the scan.

    For example, this command schedules a quick scan every day at 6:00 am, local time:

    Set-MpPreference -ScanScheduleQuickScanTime 06:00:00

    Quick tip: You can specify no time value or set the time to two hours after midnight to reset the settings to their defaults.

Once you complete the steps, Microsoft Defender will perform a quick scan during the time you specified.

Schedule full scan

Using PowerShell commands, you can also specify the day and time to perform a full malware scan.

To schedule a full malware scan on Windows 10, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to schedule a full scan and press Enter:

    Set-MpPreference -ScanParameters 2

    Quick note: The number "2" in the parameter is what tells Microsoft Defender to run a full scan.

  4. Type the following command to set a scan day and press Enter:

    Set-MpPreference -RemediationScheduleDay SCAN-DAY

    In the command, change "SCAN-DAY" to the day (number) you want to run the scan. Here are the available options:

    • 0 – Everyday
    • 1 – Sunday
    • 2 – Monday
    • 3 – Tuesday
    • 4 – Wednesday
    • 5 – Thursday
    • 6 – Friday
    • 7 – Saturday
    • 8 – Never

    For example, this command schedules the full scan for Sundays:

    Set-MpPreference -RemediationScheduleDay 1

    Quick tip: You can revert to the default scanning schedule using option number 8.

  5. Type the following command to specify a time for the scan and press Enter:

    Set-MpPreference -RemediationScheduleTime SCAN-TIME

    In the command, replace "SCAN-TIME" with the time in 24-hour format you want to run the scan.

    For example, this command schedules a full scan at 6:00 am, local time:

    Set-MpPreference -RemediationScheduleTime 06:00:00

After you complete the steps, Microsoft Defender Antivirus will run a full scan on the day and time you specified in the preferences.

Disable antivirus

Although Microsoft Defender offers a command to disable the antivirus, it's guarded by the Tamper Protection feature, which you can only disable through the Virus & threat protection settings available in the Windows Security app.

To disable the antivirus, turn off Tamper Protection, and then use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to temporarily disable Microsoft Defender Antivirus and press Enter:

    Set-MpPreference -DisableRealtimeMonitoring $true

Once you complete the steps, the real-time antivirus protection will be disabled until the next reboot. Or you can run this command: Set-MpPreference -DisableRealtimeMonitoring $false to turn on real-time protection immediately via PowerShell.

If you want to disable the Microsoft Defender Antivirus permanently, you have to follow these instructions.

Enable external drive scanning

By default, the antivirus built-in to Windows 10 doesn't scan for malicious and unwanted programs inside removable storage, but you can change this behavior with these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to allow scanning for removable drives during a quick or full scan and press Enter:

    Set-MpPreference -DisableRemovableDriveScanning $false

After you complete the steps, the anti-malware feature will scan external storage devices during a full scan.

If you want to revert the changes, use the same instructions, but on step No. 3, use this command: Set-MpPreference -DisableRemovableDriveScanning $true.

Disable archive scanning

By default, the antivirus scans .zip, .cab, and other archive files, but if you have a reason not to scan archives, you can disable the option with these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to disable scanning of archive files during a quick or full scan and press Enter:

    Set-MpPreference -DisableArchiveScanning $true

Once you complete the steps, Microsoft Defender won't scan archive files.

If you want to undo the settings, you can use the same instructions, but on step No. 3, use this command: Set-MpPreference -DisableArchiveScanning $false.

Enable network drive scanning

To allow Microsoft Defender Antivirus to scan network drives, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
  3. Type the following command to enable network drive scan during a quick or full scan and press Enter:

    Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $false

After you complete the steps, network drives will be scanned for malicious and unwanted programs during a full scan.

If you want to roll back the original settings, you can use the same instructions, but on step No. 3, use this command: Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $true.

You can always check this Microsoft support page to learn about the settings you can configure for the antivirus.
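
To review the settings covered in this guide in one pass, the following script is an added example (not part of the original article): it reads the output of Get-MpComputerStatus and Get-MpPreference and reports values that weaken protection, such as disabled real-time monitoring, stale signatures, or overly broad exclusions. The function name Test-DefenderConfig, the three-day signature threshold, the lists of broad paths and risky file types, and the sample objects are assumptions made for illustration.

```powershell
# Added example: audit the Defender settings this guide changes. Not from the original article.
function Test-DefenderConfig {
    param(
        $Status     = (Get-MpComputerStatus),   # live values unless objects are passed in
        $Preference = (Get-MpPreference),
        [int]$MaxSignatureAgeDays = 3           # assumed threshold; set it to your own policy
    )
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding($Severity, $Setting, $Detail) {
        $findings.Add([pscustomobject]@{ Severity = $Severity; Setting = $Setting; Detail = $Detail })
    }

    # Status values reported by Get-MpComputerStatus
    if (-not $Status.AntivirusEnabled) {
        Add-Finding 'High' 'AntivirusEnabled' 'Antivirus is not running'
    }
    if (-not $Status.RealTimeProtectionEnabled -or $Preference.DisableRealtimeMonitoring) {
        Add-Finding 'High' 'DisableRealtimeMonitoring' 'Real-time protection is off'
    }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Add-Finding 'Medium' 'AntivirusSignatureAge' "$($Status.AntivirusSignatureAge) days old; run Update-MpSignature"
    }

    # Scan-coverage switches from Get-MpPreference
    if ($Preference.DisableArchiveScanning) {
        Add-Finding 'Medium' 'DisableArchiveScanning' 'Archive files (.zip, .cab) are not scanned'
    }
    if ($Preference.DisableRemovableDriveScanning) {
        Add-Finding 'Info' 'DisableRemovableDriveScanning' 'Removable drives are skipped during full scans'
    }

    # Exclusions: flag drive roots and top-level system or profile folders.
    # Set-MpPreference replaces the whole exclusion list; Add-MpPreference appends to it.
    $broad = '^[A-Za-z]:(\\(Users|Windows|ProgramData|Program Files( \(x86\))?))?$'
    foreach ($path in @($Preference.ExclusionPath)) {
        if ($path -and ($path.TrimEnd('\') -match $broad)) {
            Add-Finding 'High' 'ExclusionPath' "Broad exclusion: $path"
        }
    }
    # Assumed list of file types often used to deliver malware
    $risky = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js', 'docx', 'docm', 'xlsm'
    foreach ($ext in @($Preference.ExclusionExtension)) {
        if ($ext -and ($risky -contains $ext.TrimStart('.').ToLower())) {
            Add-Finding 'High' 'ExclusionExtension' "Excluded file type: $ext"
        }
    }
    $findings
}

# Constructed sample objects (not real output) that mirror the changes made in this guide.
$sampleStatus = [pscustomobject]@{
    AntivirusEnabled = $true; RealTimeProtectionEnabled = $false; AntivirusSignatureAge = 9
}
$samplePreference = [pscustomobject]@{
    DisableRealtimeMonitoring = $true; DisableArchiveScanning = $true
    DisableRemovableDriveScanning = $true
    ExclusionPath = @('C:\Users', 'D:\Builds\cache'); ExclusionExtension = @('docx')
}
Test-DefenderConfig -Status $sampleStatus -Preference $samplePreference | Format-Table -AutoSize

# On a live system, from an elevated prompt: Test-DefenderConfig
```

With the sample objects, the report lists the disabled real-time protection, the nine-day-old signatures, the disabled archive scanning, the C:\Users exclusion, and the docx exclusion, while D:\Builds\cache passes because it is a narrow path.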
