Defender Module for PowerShell
PS C:\> Get-Command -Module Defender
CommandType Name Version Source
----------- ---- ------- ------
Function Add-MpPreference 1.0 Defender
Function Get-MpComputerStatus 1.0 Defender
Function Get-MpPreference 1.0 Defender
Function Get-MpThreat 1.0 Defender
Function Get-MpThreatCatalog 1.0 Defender
Function Get-MpThreatDetection 1.0 Defender
Function Remove-MpPreference 1.0 Defender
Function Remove-MpThreat 1.0 Defender
Function Set-MpPreference 1.0 Defender
Function Start-MpScan 1.0 Defender
Function Start-MpWDOScan 1.0 Defender
Function Update-MpSignature 1.0 DefenderStatus:
PS C:\> Get-MpComputerStatus
<SNIP>
AntivirusSignatureLastUpdated : 4/8/2024 3:02:58 PM
<SNIP>
IsTamperProtected : False
IsVirtualMachine : True
<SNIP>
RealTimeProtectionEnabled : TruePS C:\> Get-MpThreat
CategoryID : 6
DidThreatExecute : False
IsActive : False
Resources :
RollupStatus : 1
SchemaVersion : 1.0.0.0
SeverityID : 5
ThreatID : 2147894794
ThreatName : Backdoor:Win64/CobaltStrike!pz
TypeID : 0
PSComputerName :
<SNIP>PS C:\> Get-MpThreatDetection -ThreatID 2147894794
ActionSuccess : True
AdditionalActionsBitMask : 0
AMProductVersion : 4.18.24020.7
CleaningActionID : 2
CurrentThreatExecutionStatusID : 1
DetectionID : {BD0541EE-FDE0-4001-9BEF-13CEA41FC7DE}
DetectionSourceTypeID : 3
DomainUser : WIN-I092S2V54F8\Administrator
InitialDetectionTime : 4/9/2024 9:38:39 AM
LastThreatStatusChangeTime : 4/9/2024 9:38:55 AM
ProcessName : C:\Windows\explorer.exe
RemediationTime : 4/9/2024 9:38:55 AM
Resources : {file:_C:\artifact_x64.exe}
ThreatID : 2147894794
ThreatStatusErrorCode : 0
ThreatStatusID : 3
PSComputerName PS C:\> Set-MpPreference -DisableRealTimeMonitoring $trueLast updated
Was this helpful?