To quickly check if Windows Defender is running on your computer and find out the last antivirus definition update date, run the following PowerShell command: Get-MpComputerStatus | Select-Object -Property Antivirusenabled,AMServiceEnabled,AntispywareEnabled,BehaviorMonitorEnabled,IoavProtectionEnabled,NISEnabled,OnAccessProtectionEnabled,RealTimeProtectionEnabled,AntivirusSignatureLastUpdated
Get-MpComputerStatus allows you to display the current status of Windows Defender: enabled options, virus definition date and version, last scan time, and others.ĪntispywareSignatureLastUpdated : 10:07:00 PMĪntispywareSignatureVersion : 1.361.711.0ĪntivirusSignatureLastUpdated : 10:07:00 PMĬomputerID : 3DA6BCF53-D12A-2A2E-BA21-FE9C54C1092DĭeviceControlDefaultEnforcement : UnknownĭeviceControlPoliciesLastUpdated : 7:26:44 AM You can use the following PowerShell command to check the service state of Microsoft Defender Antivirus Service (WinDefend), Windows Security Service (SecurityHealthService), and Security Center (wscsvc): Get-Service Windefend, SecurityHealthService, wscsvc| Select Name,DisplayName, Status
If you need only examples of PowerShell commands, run: Get-Help Add-MpPreference -Examples How to Check if Windows Defender is Running?īefore using PowerShell cmdlets to control Windows Defender, it is advisable to check if the service is running.
To get full help on a specific cmdlet of the Defender module, use the Get-Help command: Get-Help Start-MpScan –Full Start-MpWDOScan - runs a Windows Defender offline scan.Update-MpSignature - anti-virus definition database update.Set-MpPreference - used to change scan and update options.Remove-MpThreat - allows you to remove active threats from your computer.Remove-MpPreference - allows you to remove Windows Defender settings or exceptions.Get-MpThreatDetection - displays a list of active and recent threats detected on the computer.Get-MpThreatCatalog - allows you to get known threats from the definitions directory.Get-MpThreat - view the history of detected threats on your computer.Get-MpPreference - used to get Windows Defender scan and update options.
At the moment, Windows Defender is a part of the only desktop Windows OS and not available in the current versions of Windows Server. Check UWP application status using PowerShell: Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
To manage Windows Defender from the Windows Security GUI, you must have the Microsoft.SecHealthU UWP app installed on your computer. In Windows 11, all Windows Defender features are available in the modern Settings panel through the Windows Security app (you can open it via Settings > Update & Security > Windows Security or by using the quick access UTI command ms-settings:windowsdefender).