
Windows 8.1 Defender module

Windows 8.1 includes a module, Defender, for working with the anti-malware engine on the machine.  I'm presuming this means Windows Defender only.

The starting point is Get-MpComputerStatus:

£> Get-MpComputerStatus


AMEngineVersion                 : 1.1.10100.0
AMProductVersion                : 4.3.9600.16384
AMServiceEnabled                : True
AMServiceVersion                : 4.3.9600.16384
AntispywareEnabled              : True
AntispywareSignatureAge         : 2
AntispywareSignatureLastUpdated : 27/11/2013 11:14:50
AntispywareSignatureVersion     : 1.163.737.0
AntivirusEnabled                : True
AntivirusSignatureAge           : 2
AntivirusSignatureLastUpdated   : 27/11/2013 11:14:50
AntivirusSignatureVersion       : 1.163.737.0
BehaviorMonitorEnabled          : True
ComputerID                      : 10EEA25B-DB88-4238-BA5C-C500519F9C56
ComputerState                   : 0
FullScanAge                     : 4294967295
FullScanEndTime                 :
FullScanStartTime               :
IoavProtectionEnabled           : True
LastFullScanSource              : 0
LastQuickScanSource             : 2
NISEnabled                      : False
NISEngineVersion                : 2.1.10003.0
NISSignatureAge                 : 4294967295
NISSignatureLastUpdated         :
NISSignatureVersion             : 109.17.0.0
OnAccessProtectionEnabled       : True
QuickScanAge                    : 1
QuickScanEndTime                : 27/11/2013 21:48:57
QuickScanStartTime              : 27/11/2013 21:47:16
RealTimeProtectionEnabled       : True
RealTimeScanDirection           : 0
PSComputerName                  :


which shows a lot of useful data: whether the anti-malware service and each protection feature (real-time, on-access, behaviour monitoring, IOAV, NIS) is enabled, the engine and signature versions with their ages in days, and when the last quick and full scans ran.  Note the value 4294967295 (the maximum of an unsigned 32-bit integer) in FullScanAge and NISSignatureAge: it means "never", not a genuine age, which is consistent with the empty FullScanStartTime and FullScanEndTime, so anything that checks these properties should treat that value explicitly rather than comparing it as a number of days.

The cmdlet has a CimSession parameter so you can work with remote Windows 8.1 machines (over WS-Man by default, so WinRM must be enabled on the target).  This module isn't available on Windows Server 2012 R2.


Other cmdlets include:

Add-MpPreference
Get-MpComputerStatus
Get-MpPreference
Get-MpThreat
Get-MpThreatCatalog
Get-MpThreatDetection
Remove-MpPreference
Remove-MpThreat
Set-MpPreference
Start-MpScan
Update-MpSignature

If you think the output is reminiscent of a WMI class you're right.  The cmdlet is CDXML (cmdlet definition XML) built from the ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus CIM class, and the other cmdlets in the module wrap the sibling MSFT_Mp* classes in the same namespace (Get-CimClass -Namespace ROOT\Microsoft\Windows\Defender lists them).
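Because the cmdlet is just a CDXML wrapper over the CIM class, you do not need the Defender module on the management host to get the same data from remote Windows 8.1 machines: Get-CimInstance against MSFT_MpComputerStatus through a CimSession returns the same properties.  The following health check is an added example, not code from the original post; it swaps Get-MpComputerStatus for a direct Get-CimInstance query so it also runs from a host without the module (a Windows Server 2012 R2 box, for instance), and it assumes WinRM is reachable on each target.  The computer names, the signature and scan age thresholds, and the Get-DefenderHealth function name are illustrative assumptions.

```powershell
# Added example (not from the original post). Queries the CIM class that the
# Get-MpComputerStatus CDXML cmdlet is built from, so it works from a management
# host that lacks the Defender module. Assumptions: WinRM reachable on each
# target, and the age thresholds below.
function Get-DefenderHealth {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$MaxSignatureAgeDays = 3,
        [int]$MaxQuickScanAgeDays = 7
    )
    begin {
        $namespace = 'ROOT\Microsoft\Windows\Defender'
        $never     = [uint32]::MaxValue   # 4294967295 in the *Age properties means "never"
    }
    process {
        foreach ($name in $ComputerName) {
            $session  = $null
            $problems = @()
            try {
                $cimParams = @{
                    Namespace   = $namespace
                    ClassName   = 'MSFT_MpComputerStatus'
                    ErrorAction = 'Stop'
                }
                # Only open a remote session for non-local names; a local query needs no WinRM.
                if ($name -notin @($env:COMPUTERNAME, 'localhost', '.')) {
                    $session = New-CimSession -ComputerName $name -ErrorAction Stop
                    $cimParams.CimSession = $session
                }
                $status = Get-CimInstance @cimParams

                # Each check maps to a property shown in the Get-MpComputerStatus output above.
                if (-not $status.AMServiceEnabled)          { $problems += 'AM service disabled' }
                if (-not $status.RealTimeProtectionEnabled) { $problems += 'real-time protection off' }
                if (-not $status.OnAccessProtectionEnabled) { $problems += 'on-access protection off' }
                if (-not $status.BehaviorMonitorEnabled)    { $problems += 'behaviour monitoring off' }
                if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
                    $problems += "AV signatures $($status.AntivirusSignatureAge) days old"
                }
                if ($status.QuickScanAge -eq $never -or $status.QuickScanAge -gt $MaxQuickScanAgeDays) {
                    $problems += 'no recent quick scan'
                }
                if ($status.FullScanAge -eq $never) { $problems += 'never full-scanned' }

                [pscustomobject]@{
                    ComputerName       = $name
                    Healthy            = ($problems.Count -eq 0)
                    Problems           = ($problems -join '; ')
                    AVSignatureVersion = $status.AntivirusSignatureVersion
                    AVSignatureAgeDays = $status.AntivirusSignatureAge
                    RealTimeProtection = $status.RealTimeProtectionEnabled
                    LastQuickScan      = $status.QuickScanEndTime
                }
            }
            catch {
                # An unreachable host is reported as unhealthy, never silently skipped:
                # "unknown" must not be read as "protected".
                [pscustomobject]@{
                    ComputerName       = $name
                    Healthy            = $false
                    Problems           = "query failed: $($_.Exception.Message)"
                    AVSignatureVersion = $null
                    AVSignatureAgeDays = $null
                    RealTimeProtection = $null
                    LastQuickScan      = $null
                }
            }
            finally {
                if ($session) { Remove-CimSession -CimSession $session }
            }
        }
    }
}

# Usage (computer names are placeholders):
#   'pc01', 'pc02' | Get-DefenderHealth -MaxSignatureAgeDays 2 | Format-Table -AutoSize
#   Get-DefenderHealth                       # local machine, no remoting required
```

The "never" sentinel is compared explicitly because 4294967295 is larger than any sensible threshold in days and would otherwise be reported as a stale scan rather than as a scan that has never run; a host that cannot be queried is returned as a failed row rather than dropped, so a missing machine shows up in the report instead of disappearing from it.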
