Start Scans with Microsoft Defender from the command line (PowerShell)

In Windows 10, Microsoft Defender Antivirus (or Windows Defender) is an integral part of Windows security settings and provides robust real-time protection against viruses, ransomware, spyware, rootkits, and many other forms of malware. In recent years it has also become one of the best antiviruses ever, beating even the most well-known paid protection programs for performance and defense capabilities.

We have already seen in another article how to use Microsoft Defender in Windows 10 through the Settings app, whose Security section opens all the tools for running scans and enabling advanced protections. It is also always possible to scan a single file or folder by right-clicking it and choosing the option "Analyze with Microsoft Defender".

For the most skilled users, but also for those who want to learn something new or have greater control over the Windows 10 antivirus, let's now see how to configure options and start virus scans without opening any window, using only commands typed into PowerShell. PowerShell is now the default command-line console of Windows 10, the evolution of the DOS prompt, as seen in the guide on the difference between PowerShell and Command Prompt.

To use PowerShell, right-click the Start menu, or search for PowerShell in the Start menu and, in that case, right-click the result and choose to run it as administrator. Each command can be typed and executed by pressing Enter, or copied and pasted by right-clicking in the PowerShell window.

Below is the list of commands to scan with Microsoft Defender from PowerShell, to activate scheduled scans, and to check the status of the Windows 10 antivirus.

1) How to check the status of Microsoft Defender

To check the status of Microsoft Defender using PowerShell, write (or copy and paste):

Get-MpComputerStatus

If AntivirusEnabled is True, then Microsoft Defender is working correctly to protect your PC. In addition to checking if the antivirus is running, the command output also displays other important information, such as the latest version update and real-time protection status.

2) To check for updates on Microsoft Defender

Update-MpSignature

With this command, available updates for Microsoft Defender will be downloaded and installed on your computer.

3) To run a quick virus scan with Microsoft Defender

The most interesting and most useful command to use through PowerShell is certainly the one that runs a quick virus check on the system. The command to write or copy and paste is:

Start-MpScan -ScanType QuickScan

4) To do a full scan with Microsoft Defender

The full scan checks all folders on your PC and every single file, so it will take a certain amount of time. To start it from PowerShell (it starts immediately without asking for confirmation), use the command:

Start-MpScan -ScanType FullScan

The same scan can also be performed in the background, so that it works without interrupting the work on the PC, via the command:

Start-MpScan -ScanType FullScan -AsJob

5) Custom scan to a folder

You can also scan a single folder on your PC for malware by running the command:

Start-MpScan -ScanType CustomScan -ScanPath FOLDER-PATH

For example: Start-MpScan -ScanType CustomScan -ScanPath "C:\Users\user\Downloads"
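
The commands from sections 2 and 5 combined into one workflow that also reports what the scan found, as an added example that is not part of the original article. The default folder in $ScanPath is a constructed sample value, and the report columns are an illustrative choice.

```powershell
#Requires -RunAsAdministrator
# Added example: update signatures, scan one folder, then list detections.
# $ScanPath default is a constructed sample value; pass your own folder.
param([string]$ScanPath = "$env:USERPROFILE\Downloads")

if (-not (Test-Path -LiteralPath $ScanPath)) {
    throw "Path not found: $ScanPath"
}

# Remember when we started so older detections can be filtered out.
$started = Get-Date

# Section 2: make sure the scan uses current signatures.
Update-MpSignature

# Section 5: without -AsJob this call returns only when the scan has ended.
Start-MpScan -ScanType CustomScan -ScanPath $ScanPath

# Detections first recorded since the scan began. A file that Defender had
# already flagged before $started keeps its original InitialDetectionTime.
$detections = Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $started }

if (-not $detections) {
    Write-Output "No new detections under $ScanPath"
    return
}

foreach ($d in $detections) {
    # Get-MpThreat resolves the numeric ThreatID to a name and severity.
    $threat = Get-MpThreat -ThreatID $d.ThreatID
    [pscustomobject]@{
        Threat    = $threat.ThreatName
        Severity  = $threat.SeverityID
        Detected  = $d.InitialDetectionTime
        Resources = $d.Resources -join '; '
        ActionOk  = $d.ActionSuccess
    }
}
```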

6) Microsoft Defender offline scanning

Microsoft Defender's offline scan, already explained in the past, is the one to use to remove malware that is difficult to detect because it is in use by the PC. An antivirus may in fact fail to find malware while Windows is up and running if the malware is hidden behind processes that look legitimate. With offline scanning, the PC is restarted loading only the antivirus, so that all files on the system can be checked without hindrance.

The command below restarts the PC (without asking for confirmation) and performs a full scan, so first save all pending work and expect not to be able to use the PC for a while:

Start-MpWDOScan

Once your PC restarts, you will only see the Windows Defender Antivirus loading screen, which shows the progress of the offline scan. Once the scan is complete, you can view the offline scan report in Settings, under Windows Security > Virus & threat protection > Protection history.

7) Open and change all Microsoft Defender options

It may seem inconvenient to change the Microsoft Defender options in Windows 10 using PowerShell, but there is a really important advantage: through PowerShell it is possible to change some Microsoft Defender options that are not available from the Security Settings screen. In practice, you can change hidden options and use some really effective tricks to improve the protection of your PC. Below are the commands and their meaning.

7.1) To see the current status of the Microsoft Defender options, use the command:

Get-MpPreference

7.2) To exclude a folder from protection and virus scans:

Set-MpPreference -ExclusionPath FOLDER-PATH

7.3) To exclude a file type from real-time control and protection:

Set-MpPreference -ExclusionExtension FILE-EXTENSION

For example, the file extension can be zip or docx.

7.4) To choose after how many days infected or suspicious files in quarantine are deleted:

Set-MpPreference -QuarantinePurgeItemsAfterDelay NUMBER-OF-DAYS

7.5) To include external drives and USB sticks connected to the PC in virus checks:

Set-MpPreference -DisableRemovableDriveScanning $false

7.6) To disable virus scanning of archive files such as ZIP or CAB:

Set-MpPreference -DisableArchiveScanning $true

7.7) To also check the network disks:

Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $false

8) Set the schedule for a malware scan with Microsoft Defender

Through PowerShell, you can schedule quick scans to run at a set time, every day, throughout the week. To schedule a quick scan on Microsoft Defender, type the following command:

Set-MpPreference -ScanScheduleQuickScanTime TIME

In place of TIME, write the time like this: 13:00:00

9) Full scan scheduled one day a week

If you want to do a full scan every day or schedule it one day a week, you need to run these commands in PowerShell:

Set-MpPreference -ScanParameters 2

Next, run this command, replacing DAY-NUMBER with a number from 1 to 7 representing the day of the week:

Set-MpPreference -RemediationScheduleDay DAY-NUMBER

Finally, run this command in PowerShell, replacing TIME with the time:

Set-MpPreference -RemediationScheduleTime TIME

10) Disable the real-time protection of the antivirus

If you want to disable Microsoft Defender with a shortcut, you can use PowerShell and run:

Set-MpPreference -DisableRealtimeMonitoring $true
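
A read-only check of the settings covered in sections 1, 7 and 10, reporting anything that reduces scan coverage, as an added example that is not part of the original article. The function name Get-DefenderAuditFinding and the three-day signature-age threshold are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the Defender settings this article changes.
# Function name and $MaxSignatureAgeDays default are illustrative assumptions.
function Get-DefenderAuditFinding {
    param([int]$MaxSignatureAgeDays = 3)

    $status   = Get-MpComputerStatus
    $pref     = Get-MpPreference
    $findings = [System.Collections.Generic.List[string]]::new()

    # Section 1: engine state, real-time protection, signature freshness
    if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus engine is not enabled') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old; run Update-MpSignature")
    }

    # Section 10: the preference that switches real-time monitoring off
    if ($pref.DisableRealtimeMonitoring) {
        $findings.Add('DisableRealtimeMonitoring is set to $true')
    }

    # Sections 7.2 and 7.3: every exclusion is a blind spot, so list each one
    foreach ($p in @($pref.ExclusionPath))      { if ($p) { $findings.Add("Excluded path: $p") } }
    foreach ($e in @($pref.ExclusionExtension)) { if ($e) { $findings.Add("Excluded extension: $e") } }

    # Sections 7.5 to 7.7: switches that remove content from scans
    if ($pref.DisableRemovableDriveScanning) { $findings.Add('Removable drives are not scanned') }
    if ($pref.DisableArchiveScanning)        { $findings.Add('Archive files (ZIP, CAB) are not scanned') }
    if ($pref.DisableScanningMappedNetworkDrivesForFullScan) {
        $findings.Add('Mapped network drives are skipped in full scans')
    }

    $findings
}

$result = Get-DefenderAuditFinding
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No findings: protection is on and no exclusions or scan gaps are configured.'
}
```

Set-MpPreference -ExclusionPath and -ExclusionExtension replace the whole existing list with the value given; Add-MpPreference and Remove-MpPreference add or remove a single entry and leave the rest in place.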
