Cancel a running Defender Scan using WMI

RandomFunnyGuy 1 Reputation point
2022-08-24T09:58:46.023+00:00

Hi everyone,

I am currently looking for a way to cancel a running Defender scan via WMI.

A workaround would be to use MpCmdRun, e.g.

Starting: MpCmdRun.exe -Scan -ScanType 1
Cancel: MpCmdRun.exe -Scan -ScanType -Cancel

But I would like to use a WMI class method. I found a lot of information on starting a scan (MSFT_MpScan Start method) but not on canceling.

https://learn.microsoft.com/en-us/previous-versions/windows/desktop/defender/start-msft-mpscan
is not helpful here!

Thank you in advance for your help!

Regards
RFG
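
Added example, not part of the original post or of Microsoft's documentation: a PowerShell sketch that lists the methods the `MSFT_MpScan` class actually declares on the local machine and, as the question's workaround does, uses MpCmdRun's `-Cancel` switch to cancel the scan. The function names `Get-DefenderScanMethod` and `Stop-DefenderScan` are hypothetical, and the MpCmdRun.exe path is an assumed default location.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Run in an elevated PowerShell session on a machine with Microsoft Defender.
$DefenderNs = 'root/Microsoft/Windows/Defender'

function Get-DefenderScanMethod {
    # List every method MSFT_MpScan declares, with parameter names and CIM types,
    # so you can see whether the provider offers anything besides Start.
    $class = Get-CimClass -Namespace $DefenderNs -ClassName 'MSFT_MpScan' -ErrorAction Stop
    foreach ($m in $class.CimClassMethods) {
        [pscustomobject]@{
            Method     = $m.Name
            Parameters = ($m.Parameters | ForEach-Object { "$($_.Name) [$($_.CimType)]" }) -join ', '
        }
    }
}

function Stop-DefenderScan {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumed default install location of MpCmdRun.exe.
        [string]$MpCmdRun = (Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe')
    )
    # Report, but never invoke, any method whose name suggests cancellation.
    $candidates = @(Get-DefenderScanMethod | Where-Object Method -match 'Cancel|Stop|Abort')
    if ($candidates.Count -gt 0) {
        Write-Warning "MSFT_MpScan exposes: $($candidates.Method -join ', '). Review before use."
    }
    if (-not (Test-Path -LiteralPath $MpCmdRun)) {
        throw "MpCmdRun.exe not found at '$MpCmdRun'."
    }
    if ($PSCmdlet.ShouldProcess('active Defender scan', 'Cancel')) {
        # Command-line fallback: -Scan -Cancel asks Defender to cancel an active quick or full scan.
        & $MpCmdRun -Scan -Cancel | Out-Null
        # Return a small record so the cancellation can be logged or audited.
        [pscustomobject]@{ Tool = $MpCmdRun; ExitCode = $LASTEXITCODE; Time = Get-Date }
    }
}

Get-DefenderScanMethod | Format-Table -AutoSize
Stop-DefenderScan -WhatIf   # dry run; drop -WhatIf to actually cancel
```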


1 answer

  1. Limitless Technology 39,916 Reputation points
    2022-08-26T08:34:51.83+00:00

    Hello there,

    PowerShell makes this easier to do. To quickly check if Windows Defender is running on your computer and find out the last antivirus definition update date, run the following PowerShell command:

    Get-MpComputerStatus | Select-Object -Property AntivirusEnabled,AMServiceEnabled,AntispywareEnabled,BehaviorMonitorEnabled,IoavProtectionEnabled,NISEnabled,OnAccessProtectionEnabled,RealTimeProtectionEnabled,AntivirusSignatureLastUpdated

    Type the following command to temporarily disable Microsoft Defender Antivirus and press Enter:

    Set-MpPreference -DisableRealtimeMonitoring $true

    ----------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

