Share via

Windows Security Center - WMI/PowerShell

Lanky Doodle 241 Reputation points
2021-12-16T16:34:46.243+00:00

Hi,

I am looking for ways to interrogate Windows Security Center using PowerShell across my estate. Independent of the AV product/OS version in use. Essentially I want to show what Security Center GUI shows in PowerShell.

The key info I need is:

Overall health state / any current/recent alerts
Compare the engine/AV definition to the latest available and flag if not the most recent
Show the most recent available whether the installed one is the latest or not
Show the last quick/full scan date and results

There will probably be more needed in the future but that's a good starting point.

Thanks

Windows for business Windows Client for IT Pros Devices and deployment Configure application groups
Windows for business Windows Server Devices and deployment Configure application groups

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Reza-Ameri 17,336 Reputation points Volunteer Moderator
    2021-12-17T15:53:30.993+00:00

    It is possible to perform number of tasks using Microsoft Defender's interface in the PowerShell for example Get-MpComputerStatus , Get-MpPreference , Get-MpThreatDetection ,... and you may see the list on:
    https://learn.microsoft.com/en-us/powershell/module/defender/
    As for the Microsoft Defender ATP, you may start with:
    https://learn.microsoft.com/en-us/samples/microsoft/microsoftdefenderatp-api-powershell/microsoft-defender-atp-powershell-api-samples/

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.