New-MpPerformanceRecording
This cmdlet collects a performance recording of Microsoft Defender Antivirus scans.
Syntax
Interactive (Default)
New-MpPerformanceRecording
-RecordTo <String>
[-Session <PSSession[]>]
[-WPRPath <String>]
[<CommonParameters>]
Timed
New-MpPerformanceRecording
-RecordTo <String>
-Seconds <Int32>
[-Session <PSSession[]>]
[-WPRPath <String>]
[<CommonParameters>]
Description
This cmdlet collects a performance recording of Microsoft Defender Antivirus scans. These performance recordings contain Microsoft-Antimalware-Engine and NT kernel process events and can be analyzed after collection using the Get-MpPerformanceReport cmdlet.
This cmdlet requires elevated administrator privileges.
The performance analyzer provides insight into problematic files that could cause performance degradation of Microsoft Defender Antivirus. This tool is provided "AS IS", and is not intended to provide suggestions on exclusions. Exclusions can reduce the level of protection on your endpoints. Exclusions, if any, should be defined with caution.
Examples
EXAMPLE 1
New-MpPerformanceRecording -RecordTo:.\Defender-scans.etl
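The following is an added example, not part of the original reference. It combines the Timed parameter set with -Session (both described under Parameters), then analyzes the trace locally with Get-MpPerformanceReport. The host name SRV01 and both file paths are placeholders, and the account opening the session is assumed to have administrator rights on the remote machine.

```powershell
# Added example: timed recording on a remote machine, analyzed locally.
# 'SRV01' and the paths below are placeholders, not values from the documentation.
$computer  = 'SRV01'                                 # hypothetical host name
$remoteEtl = 'C:\Windows\Temp\Defender-scans.etl'    # path on the REMOTE machine
$localEtl  = Join-Path $env:TEMP 'Defender-scans.etl'

# The cmdlet requires elevated administrator privileges, so the session
# account must be an administrator on the remote machine.
$session = New-PSSession -ComputerName $computer
try {
    # Timed parameter set: record for 60 seconds, then stop without prompting.
    New-MpPerformanceRecording -RecordTo $remoteEtl -Seconds 60 -Session $session

    # With -Session, RecordTo is a path on the remote machine, so the trace
    # has to be copied back before it can be analyzed here.
    Copy-Item -FromSession $session -Path $remoteEtl -Destination $localEtl -Force

    # The trace holds antimalware engine and NT kernel process events;
    # do not leave a copy behind in a shared temp directory.
    Invoke-Command -Session $session -ScriptBlock {
        Remove-Item -LiteralPath $using:remoteEtl -Force
    }
}
finally {
    Remove-PSSession -Session $session
}

# Summarize the files, processes and scans that cost the most scan time.
Get-MpPerformanceReport -Path $localEtl -TopFiles 10 -TopProcesses 10 -TopScans 10
```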
Parameters
-RecordTo
Specifies the location in which to save the Microsoft Defender Antivirus performance recording.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Seconds
Specifies the duration of the performance recording in seconds.
Parameter properties
Type: Int32
Default value: 0
Supports wildcards: False
DontShow: False
Parameter sets
Timed
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Session
Specifies the PSSession object in which to create and save the Microsoft Defender Antivirus performance recording. When you use this parameter, the RecordTo parameter refers to the local path on the remote machine.
Parameter properties
Type: PSSession[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-WPRPath
Optional argument that specifies a different tool for recording traces. The default is wpr.exe. When the Session parameter is used, this path refers to a location on the remote machine.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.