Review Microsoft Defender Antivirus scan results
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Business
- Microsoft Defender for Individuals
- Microsoft Defender Antivirus
Use Microsoft 365 Defender to review scan results
To view the scan results using Microsoft 365 Defender Endpoint, follow the below process.
Sign in to Microsoft 365 Defender portal.
Go to Incidents & alerts > Alerts.
You can view the scanned results under Alerts.
Use Microsoft Intune to review scan results
To view the scan results using Microsoft Intune admin center, follow the below process.
Sign in to Microsoft Intune admin center.
Go to Reports.
Under Endpoint security, select Microsoft Defender Antivirus.
In the Reports tab, select Detected malware.
Select the Severity level from the dropdown list.
By default All severity option is selected.
Select Execution state from the dropdown list.
By default All execution state option is selected.
Select Managed by from the dropdown list.
By default All Managed by option is selected.
Click on Generate report.
Use Configuration Manager to review scan results
Use PowerShell cmdlets to review scan results
The following cmdlet returns each detection on the endpoint. If there are multiple detections of the same threat, each detection is listed separately, based on the time of each detection:
You can specify
-ThreatID to limit the output to only show the detections for a specific threat.
If you want to list threat detections, but combine detections of the same threat into a single item, you can use the following cmdlet:
See Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender Antivirus cmdlets for more information on how to use PowerShell with Microsoft Defender Antivirus.
Use Windows Management Instruction (WMI) to review scan results
Use the Get method of the MSFT_MpThreat and MSFT_MpThreatDetection classes.
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
- Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation
- Address false positives/negatives in Microsoft Defender for Endpoint
- Microsoft Defender Antivirus in Windows 10
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.