way to get the results of the last scheduled scan

Question

So with get-mpcomputerstatus (sample results below) is there any way to tell if the scheduled scan came back clean or if there were any infected files detected? I can see the last scheduled scan was 2/23/20, is there anyway to verify a clean result?

PS C:\> get-mpcomputerstatus

AMEngineVersion : 1.1.16800.2

AMProductVersion : 4.18.2001.7

AMServiceEnabled : True

AMServiceVersion : 4.18.2001.7

AntispywareEnabled : True

AntispywareSignatureAge : 0

AntispywareSignatureLastUpdated : 2/25/2020 6:59:23 AM

AntispywareSignatureVersion : 1.311.51.0

AntivirusEnabled : True

AntivirusSignatureAge : 0

AntivirusSignatureLastUpdated : 2/25/2020 6:59:23 AM

AntivirusSignatureVersion : 1.311.51.0

BehaviorMonitorEnabled : False

ComputerState : 0

FullScanAge : 2

FullScanEndTime : 2/23/2020 7:00:40 AM

FullScanStartTime : 2/23/2020 6:00:11 AM

IoavProtectionEnabled : True

IsTamperProtected : False

IsVirtualMachine : False

LastFullScanSource : 2

LastQuickScanSource : 0

NISEnabled : False

NISEngineVersion : 0.0.0.0

NISSignatureAge : 4294967295

NISSignatureLastUpdated :

NISSignatureVersion : 0.0.0.0

OnAccessProtectionEnabled : True

QuickScanAge : 4294967295

QuickScanEndTime :

QuickScanStartTime :

RealTimeProtectionEnabled : True

RealTimeScanDirection : 0

PS C:\>

PSComputerName :

Referring to question source: https://social.technet.microsoft.com/Forums/windows/en-US/3375edbf-6b3e-4ad7-91ec-359b6759094d/way-to-get-the-results-of-the-last-scheduled-scan?forum=win10itprosecurity

Answer 1

Hi,

Welcome to our new Microsoft Q&A Platform.

Firstly, each of these properties provide you with information about the status of Windows Defender.

Let's take a look at some of them:

AMEngineVersion: version of the antimalware engine

NISEngineVersion: version of the network inspection system engine

AMServiceEnabled: activation of the antimalware service

AMProductVersion: antimalware client version

AMServiceVersion: antimalware service version

AntispywareEnabled: antispyware protection activation status

AntispywareSignatureLastUpdated: threat definitions' creation date

AntispywareSignatureVersion: antivirus signatures version

AntivirusSignatureVersion: antispyware signatures version

NISSignatureVersion: network inspection system signatures version

AntivirusEnabled: antivirus protection activation status

AntivirusSignatureLastUpdated: date and time of last update for the antivirus signatures

FullScanAge: number of days since the last system's full scan

FullScanEndTime: end date and time of the last full scan of the system

FullScanStartTime: start date and time of the last full scan of the system

NISEnabled: network inspection system activation status

NISSignatureLastUpdated: date and time of last update for the network inspection system's signatures

QuickScanAge: number of days since the last quick scan of the system

QuickScanEndTime: end date and time of the last quick scan of the system

QuickScanStartTime: start date and time of the last quick scan of the system

RealTimeProtectionEnabled: real-time protection activation status

Besides, if you want to verify a clean result, you could perform a system scan and there are two cmdlets that can be used to perform a system scan: Start-MpScan and Start-MpWDOScan.

More specific details please refer to the following Microsoft link:

Manage Windows Defender using PowerShell

https://social.technet.microsoft.com/wiki/contents/articles/52251.manage-windows-defender-using-powershell.aspx#Getting_Threats_information

Hope can help you.Have a nice day!

Kiki

Answer 2

Hello,

you should use Get-MpThreatDetection, this will not tell you the last scheduled scan result, but will give you the threats detected on the computer (even if it was detected by realtime scan for example)

Best regards
Lucas