Defender File Scan Count

Handian Sudianto 2,871 Reputation points


Can we get count file scanned by defender using powershell?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
10,592 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
977 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 19,781 Reputation points Microsoft Employee

    @Handian Sudianto Apologies for the delayed response, from the above conversation I see you your are looking for PowerShell command which can provide files scanned information.

    Researched on the PowerShell cmdlets available for Windows Defender -

    Though we can perform scan from the PowerShell, however it doesnt provide the output results in the PowerShell screen, it can viewed via GUI like you mentioned above.

    Also, its not possible get this information via event viewer as well, reviewed the events as well -

    Any specific reason why you are looking for this information via PowerShell.


    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. Limitless Technology 41,586 Reputation points


    Thank you for your question and reaching out. I can understand you are having issues related to Counts

    Us the power shell command

    (Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' | Where-Object { $_.Id -eq 1006 }).Count

    and see it helps.

    Thank you

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

  2. Handian Sudianto 2,871 Reputation points


    in the GUI we can see files scanned is 34538

    User's image

    but use given PowerShell script showing 0

    User's image

    0 comments No comments

  3. Handian Sudianto 2,871 Reputation points


    Thanks for your update. Currently i looking the count scan file just for reporting to management to provide evidence that the server is protected by defender and scanning running normally. We will consider to upgrade the 2012 to 2016 soon, so we can monitor scanned file using GUI.

    0 comments No comments