question

TeemoTang-2039 avatar image
TeemoTang-2039 asked ·

way to get the results of the last scheduled scan

So with get-mpcomputerstatus (sample results below) is there any way to tell if the scheduled scan came back clean or if there were any infected files detected? I can see the last scheduled scan was 2/23/20, is there anyway to verify a clean result?

PS C:\> get-mpcomputerstatus


AMEngineVersion : 1.1.16800.2

AMProductVersion : 4.18.2001.7

AMServiceEnabled : True

AMServiceVersion : 4.18.2001.7

AntispywareEnabled : True

AntispywareSignatureAge : 0

AntispywareSignatureLastUpdated : 2/25/2020 6:59:23 AM

AntispywareSignatureVersion : 1.311.51.0

AntivirusEnabled : True

AntivirusSignatureAge : 0

AntivirusSignatureLastUpdated : 2/25/2020 6:59:23 AM

AntivirusSignatureVersion : 1.311.51.0

BehaviorMonitorEnabled : False

ComputerState : 0

FullScanAge : 2

FullScanEndTime : 2/23/2020 7:00:40 AM

FullScanStartTime : 2/23/2020 6:00:11 AM

IoavProtectionEnabled : True

IsTamperProtected : False

IsVirtualMachine : False

LastFullScanSource : 2

LastQuickScanSource : 0

NISEnabled : False

NISEngineVersion : 0.0.0.0

NISSignatureAge : 4294967295

NISSignatureLastUpdated :

NISSignatureVersion : 0.0.0.0

OnAccessProtectionEnabled : True

QuickScanAge : 4294967295

QuickScanEndTime :

QuickScanStartTime :

RealTimeProtectionEnabled : True

RealTimeScanDirection : 0

PS C:\>

PSComputerName :


Referring to question source: https://social.technet.microsoft.com/Forums/windows/en-US/3375edbf-6b3e-4ad7-91ec-359b6759094d/way-to-get-the-results-of-the-last-scheduled-scan?forum=win10itprosecurity

windows-10-setup
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

KikiShi-9520 avatar image
KikiShi-9520 answered ·

Hi,


Welcome to our new Microsoft Q&A Platform.


Firstly, each of these properties provide you with information about the status of Windows Defender.

Let's take a look at some of them:

AMEngineVersion: version of the antimalware engine

NISEngineVersion: version of the network inspection system engine

AMServiceEnabled: activation of the antimalware service

AMProductVersion: antimalware client version

AMServiceVersion: antimalware service version

AntispywareEnabled: antispyware protection activation status

AntispywareSignatureLastUpdated: threat definitions' creation date

AntispywareSignatureVersion: antivirus signatures version

AntivirusSignatureVersion: antispyware signatures version

NISSignatureVersion: network inspection system signatures version

AntivirusEnabled: antivirus protection activation status

AntivirusSignatureLastUpdated: date and time of last update for the antivirus signatures

FullScanAge: number of days since the last system's full scan

FullScanEndTime: end date and time of the last full scan of the system

FullScanStartTime: start date and time of the last full scan of the system

NISEnabled: network inspection system activation status

NISSignatureLastUpdated: date and time of last update for the network inspection system's signatures

QuickScanAge: number of days since the last quick scan of the system

QuickScanEndTime: end date and time of the last quick scan of the system

QuickScanStartTime: start date and time of the last quick scan of the system

RealTimeProtectionEnabled: real-time protection activation status



Besides, if you want to verify a clean result, you could perform a system scan and there are two cmdlets that can be used to perform a system scan: Start-MpScan and Start-MpWDOScan.




More specific details please refer to the following Microsoft link:

Manage Windows Defender using PowerShell

https://social.technet.microsoft.com/wiki/contents/articles/52251.manage-windows-defender-using-powershell.aspx#Getting_Threats_information




Hope can help you.Have a nice day!


Kiki


























Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LucasA avatar image
LucasA answered ·

Hello,

you should use Get-MpThreatDetection, this will not tell you the last scheduled scan result, but will give you the threats detected on the computer (even if it was detected by realtime scan for example)

Best regards
Lucas

Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.