Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation

Applies to:

You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Microsoft Defender Antivirus scans.

In this section

Topic Description
Configure and validate file, folder, and process-opened file exclusions in Microsoft Defender Antivirus scans You can exclude files (including files modified by specified processes) and folders from on-demand scans, scheduled scans, and always-on real-time protection monitoring and scanning
Configure Microsoft Defender Antivirus scanning options You can configure Microsoft Defender Antivirus to include certain types of email storage files, back-up or reparse points, and archived files (such as .zip files) in scans. You can also enable network file scanning
Configure remediation for scans Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder
Configure scheduled scans Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
Configure and run scans Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app
Review scan results Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.