Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration. You can read more about it in the PowerShell documentation.
For a list of the cmdlets and their functions and available parameters, see the Defender Antivirus cmdlets topic.
PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software.
PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as Microsoft Endpoint Configuration Manager, Group Policy Management Console, or Microsoft Defender Antivirus Group Policy ADMX templates.
Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell.
PowerShell is typically installed under the folder
Use Microsoft Defender Antivirus PowerShell cmdlets
- In the Windows search bar, type powershell.
- Select Windows PowerShell from the results to open the interface.
- Enter the PowerShell command and any parameters.
You may need to open PowerShell in administrator mode. Right-click the item in the Start menu, click Run as administrator and click Yes at the permissions prompt.
To open online help for any of the cmdlets type the following:
Get-Help <cmdlet> -Online
-online parameter to get locally cached help.
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:
- Top paths that impact scan time
- Top files that impact scan time
- Top processes that impact scan time
- Top file extensions that impact scan time
- Combinations – for example:
- top files per extension
- top paths per extension
- top processes per path
- top scans per file
- top scans per file per process
You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.
- Performance analyzer for Microsoft Defender Antivirus
- Reference topics for management and configuration tools
- Microsoft Defender Antivirus in Windows 10
- Microsoft Defender Antivirus Cmdlets
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.