Automating Defender Antivirus (Part 1)

by Mar 10, 2023

On Windows, PowerShell comes with cmdlets to automate the built-in antivirus engine “Defender”.

If you’d like to update the signatures automatically, try this:

 
PS C:\> Update-MpSignature
 

If you run this command from a script that is scheduled to run at set times, you are in full control of when the signatures update. No Administrator privileges are needed.

Likewise, PowerShell can start a quick scan any time with just one command:

 
PS C:\> Start-MpScan -ScanType QuickScan 
 

The scan progress shows as PowerShell progress bars within the console, so there are no annoying dialog boxes opening.

And if you’d like to know the latest threats you were exposed to, let Defender output its threat analysis:

 
PS C:\> Get-MpThreat

CategoryID       : 27
DidThreatExecute : False
IsActive         : True
Resources        : 
RollupStatus     : 1
SchemaVersion    : 1.0.0.0
SeverityID       : 1
ThreatID         : 311978
ThreatName       : PUADlManager:Win32/DownloadSponsor
TypeID           : 0
PSComputerName   : 
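
The three cmdlets above combined into one script suitable for a scheduled run, as an added example that is not part of the original tip. The log path, the one-day signature-age threshold and the `Write-Log` helper are assumptions; `Get-MpComputerStatus` is a further Defender cmdlet that the tip itself does not show.

```powershell
# Added example: update signatures, quick-scan, then log active threats.
# Assumptions: the log location and the 1-day freshness threshold.
$LogFile = Join-Path $env:LOCALAPPDATA 'DefenderMaintenance.log'
$MaxSignatureAgeDays = 1

function Write-Log {
    param([string]$Message)
    $line = '{0}  {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -Path $LogFile -Value $line
}

try {
    Update-MpSignature -ErrorAction Stop
    Write-Log 'Signature update finished.'
}
catch {
    # Keep going: a scan with older signatures is still better than no scan.
    Write-Log "Signature update failed: $($_.Exception.Message)"
}

# Check what the engine actually has loaded instead of trusting the update call.
$status = Get-MpComputerStatus
Write-Log ('Signature version {0}, age {1} day(s).' -f $status.AntivirusSignatureVersion, $status.AntivirusSignatureAge)
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Write-Log 'WARNING: signatures are older than the allowed threshold.'
}

try {
    Start-MpScan -ScanType QuickScan -ErrorAction Stop
    Write-Log 'Quick scan finished.'
}
catch {
    Write-Log "Quick scan failed: $($_.Exception.Message)"
}

# Get-MpThreat returns the threat history; keep only entries still marked active.
$active = @(Get-MpThreat | Where-Object { $_.IsActive })
foreach ($threat in $active) {
    Write-Log ('ACTIVE threat {0} ({1}), severity {2}, executed: {3}' -f $threat.ThreatID, $threat.ThreatName, $threat.SeverityID, $threat.DidThreatExecute)
}
Write-Log ('Run complete, {0} active threat(s).' -f $active.Count)

# A non-zero exit code lets the scheduler flag runs that need attention.
if ($active.Count -gt 0) { exit 1 } else { exit 0 }
```

The exit code and the log file give a scheduled run something to alert on, since the progress bars mentioned above are not visible when no console is attached.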
 

