Windows Security Center - WMI/PowerShell

Lanky Doodle 221 Reputation points
2021-12-16T16:34:46.243+00:00

Hi,

I am looking for ways to interrogate Windows Security Center using PowerShell across my estate, independent of the AV product/OS version in use. Essentially I want to show what the Security Center GUI shows in PowerShell.

The key info I need is:

- Overall health state / any current/recent alerts
- Compare the engine/AV definition to the latest available and flag if not the most recent
- Show the most recent available whether the installed one is the latest or not
- Show the last quick/full scan date and results

There will probably be more needed in the future but that's a good starting point.

Thanks


1 answer

  1. Reza-Ameri 16,906 Reputation points
    2021-12-17T15:53:30.993+00:00

    It is possible to perform a number of tasks using Microsoft Defender's interface in PowerShell, for example Get-MpComputerStatus, Get-MpPreference, Get-MpThreatDetection, ... and you may see the list on:
    https://learn.microsoft.com/en-us/powershell/module/defender/
    As for the Microsoft Defender ATP, you may start with:
    https://learn.microsoft.com/en-us/samples/microsoft/microsoftdefenderatp-api-powershell/microsoft-defender-atp-powershell-api-samples/
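
An added example, not part of the answer above: one way to collect the items listed in the question from several machines with the `Get-MpComputerStatus` and `Get-MpThreatDetection` cmdlets the answer names. The host names and the two thresholds are constructed placeholders, and CIM/WinRM access to each host is assumed. It covers Microsoft Defender state only, and it flags stale definitions by signature age rather than by comparison with the latest published version.

```powershell
# Added example. Host names below are constructed placeholders.
$Computers      = @('PC-EXAMPLE-01', 'SRV-EXAMPLE-01')
$MaxSigAgeDays  = 3   # assumed threshold: definitions older than this are flagged
$DetectionDays  = 7   # assumed window for "recent" detections

$report = foreach ($name in $Computers) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $name -ErrorAction Stop
        $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop

        # Detections first seen inside the assumed window
        $recent = @(Get-MpThreatDetection -CimSession $session -ErrorAction SilentlyContinue |
            Where-Object { $_.InitialDetectionTime -gt (Get-Date).AddDays(-$DetectionDays) })

        # AV products registered with Security Center. The root/SecurityCenter2
        # namespace exists on client editions of Windows, not on Windows Server,
        # so this stays empty for servers.
        $products = @(Get-CimInstance -CimSession $session -Namespace 'root/SecurityCenter2' `
            -ClassName AntiVirusProduct -ErrorAction SilentlyContinue).displayName -join '; '

        [pscustomobject]@{
            Computer           = $name
            Reachable          = $true
            RegisteredAV       = $products
            AntivirusEnabled   = $status.AntivirusEnabled
            RealTimeProtection = $status.RealTimeProtectionEnabled
            EngineVersion      = $status.AMEngineVersion
            SignatureVersion   = $status.AntivirusSignatureVersion
            SignatureUpdated   = $status.AntivirusSignatureLastUpdated
            SignatureStale     = $status.AntivirusSignatureAge -gt $MaxSigAgeDays
            LastQuickScan      = $status.QuickScanEndTime
            LastFullScan       = $status.FullScanEndTime
            RecentDetections   = $recent.Count
            Error              = $null
        }
    }
    catch {
        # Unreachable host or missing Defender module: record it instead of dropping the row
        [pscustomobject]@{ Computer = $name; Reachable = $false; Error = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

# Explicit column list so failed hosts line up with successful ones
$report | Select-Object Computer, Reachable, RegisteredAV, AntivirusEnabled, RealTimeProtection,
    EngineVersion, SignatureVersion, SignatureUpdated, SignatureStale, LastQuickScan,
    LastFullScan, RecentDetections, Error | Format-Table -AutoSize
```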