Report on Microsoft Defender Antivirus

Applies to:


  • Windows

Microsoft Defender Antivirus is built into Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2016. Microsoft Defender Antivirus is of your next-generation protection in Microsoft Defender for Endpoint. Next-generation protection helps protect your devices from software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.

With Microsoft Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Endpoint Manager to monitor Microsoft Defender Antivirus or create email alerts. Or, you can monitor protection using Microsoft Intune.

If you have a third-party security information and event management (SIEM) server, you can also consume Windows Defender client events.

Windows events comprise several security event sources, including Security Account Manager (SAM) events (enhanced for Windows 10, also see the Security auditing topic) and Windows Defender events.

These events can be centrally aggregated using the Windows event collector. Often, SIEM servers have connectors for Windows events, allowing you to correlate all security events in your SIEM server.

You can also monitor malware events using the Malware Assessment solution in Log Analytics.

For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the (Deployment, management, and reporting options table).


Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:

  • Top paths that impact scan time
  • Top files that impact scan time
  • Top processes that impact scan time
  • Top file extensions that impact scan time
  • Combinations – for example:
    • top files per extension
    • top paths per extension
    • top processes per path
    • top scans per file
    • top scans per file per process

You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.

See also