PowerShell for Windows Admins

Nov 29 2013   12:43PM GMT

Windows 8.1 Defender module

Richard Siddaway

Windows 8.1 includes a module, Defender, for working with the anti-malware engine on the machine. I’m presuming this means Windows Defender only.

The starting point is Get-MpComputerStatus:

£> Get-MpComputerStatus

AMEngineVersion : 1.1.10100.0
AMProductVersion : 4.3.9600.16384
AMServiceEnabled : True
AMServiceVersion : 4.3.9600.16384
AntispywareEnabled : True
AntispywareSignatureAge : 2
AntispywareSignatureLastUpdated : 27/11/2013 11:14:50
AntispywareSignatureVersion : 1.163.737.0
AntivirusEnabled : True
AntivirusSignatureAge : 2
AntivirusSignatureLastUpdated : 27/11/2013 11:14:50
AntivirusSignatureVersion : 1.163.737.0
BehaviorMonitorEnabled : True
ComputerID : 10EEA25B-DB88-4238-BA5C-C500519F9C56
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : False
NISEngineVersion : 2.1.10003.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 109.17.0.0
OnAccessProtectionEnabled : True
QuickScanAge : 1
QuickScanEndTime : 27/11/2013 21:48:57
QuickScanStartTime : 27/11/2013 21:47:16
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
PSComputerName :

which shows a lot of useful data.

The cmdlet has a CimSession parameter so you can work with remote Windows 8.1 machines. This module isn’t available on Windows 2012 R2.
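The status properties shown above can be turned into a simple health check. This is an added example, not code from the original post: the function name Test-MpHealth, the age thresholds, and the reading of 4294967295 as "nothing recorded" are assumptions, and the sample object is constructed from the values in the output above.

```powershell
# Added example. Test-MpHealth and its thresholds are hypothetical, not part of the Defender module.
function Test-MpHealth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Status,
        [int]$MaxSignatureAgeDays = 3,   # assumed policy value
        [int]$MaxQuickScanAgeDays = 7    # assumed policy value
    )
    begin {
        # 4294967295 is what FullScanAge reports above next to an empty FullScanEndTime;
        # treated here (assumption) as "no scan or update recorded".
        $notRecorded = [uint32]::MaxValue
        $flags = 'AMServiceEnabled', 'AntivirusEnabled', 'AntispywareEnabled',
                 'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
                 'BehaviorMonitorEnabled', 'IoavProtectionEnabled'
    }
    process {
        $issues = @()
        foreach ($flag in $flags) {
            if (-not $Status.$flag) { $issues += "$flag is not True" }
        }
        foreach ($name in 'AntivirusSignatureAge', 'AntispywareSignatureAge') {
            $age = $Status.$name
            if ($age -eq $notRecorded) { $issues += "$name has no update recorded" }
            elseif ($age -gt $MaxSignatureAgeDays) { $issues += "$name is $age days" }
        }
        if ($Status.QuickScanAge -eq $notRecorded) { $issues += 'No quick scan recorded' }
        elseif ($Status.QuickScanAge -gt $MaxQuickScanAgeDays) {
            $issues += "Last quick scan was $($Status.QuickScanAge) days ago"
        }
        if ($Status.FullScanAge -eq $notRecorded) { $issues += 'No full scan recorded' }
        $computer = if ($Status.PSComputerName) { $Status.PSComputerName } else { $env:COMPUTERNAME }
        [pscustomobject]@{
            ComputerName = $computer
            Healthy      = ($issues.Count -eq 0)
            Issues       = $issues -join '; '
        }
    }
}

# Constructed sample mirroring the output above, so the check runs without the Defender module.
$sample = [pscustomobject]@{
    PSComputerName = 'PC01'; AMServiceEnabled = $true; AntivirusEnabled = $true
    AntispywareEnabled = $true; RealTimeProtectionEnabled = $true; OnAccessProtectionEnabled = $true
    BehaviorMonitorEnabled = $true; IoavProtectionEnabled = $true
    AntivirusSignatureAge = [uint32]2; AntispywareSignatureAge = [uint32]2
    QuickScanAge = [uint32]1; FullScanAge = [uint32]4294967295
}
$sample | Test-MpHealth
```

On a live system, pipe the real cmdlet into the function instead of the sample, for example `Get-MpComputerStatus -CimSession $session | Test-MpHealth`, where `$session` is a CIM session you have already created to a remote Windows 8.1 machine.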

Other cmdlets include:

Add-MpPreference
Get-MpComputerStatus
Get-MpPreference
Get-MpThreat
Get-MpThreatCatalog
Get-MpThreatDetection
Remove-MpPreference
Remove-MpThreat
Set-MpPreference
Start-MpScan
Update-MpSignature

If you think the output is reminiscent of a WMI class, you’re right. The cmdlet is CDXML built from the ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus CIM class.
