Review Microsoft Defender Antivirus scan results

Applies to:

• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender for Endpoint Plan 2
• Microsoft Defender Antivirus

Platforms

• Windows

After a Microsoft Defender Antivirus scan completes, whether it is an on-demand or scheduled scan, the results are recorded and you can view the results.

Use Configuration Manager to review scan results

See How to monitor Endpoint Protection status.

Use PowerShell cmdlets to review scan results

The following cmdlet will return each detection on the endpoint. If there are multiple detections of the same threat, each detection will be listed separately, based on the time of each detection:

Get-MpThreatDetection

You can specify -ThreatID to limit the output to only show the detections for a specific threat.

If you want to list threat detections, but combine detections of the same threat into a single item, you can use the following cmdlet:

Get-MpThreat

See Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender Antivirus cmdlets for more information on how to use PowerShell with Microsoft Defender Antivirus.

Use Windows Management Instruction (WMI) to review scan results

Use the Get method of the MSFT_MpThreat and MSFT_MpThreatDetection classes.

Tip

If you're looking for Antivirus related information for other platforms, see:

• Set preferences for Microsoft Defender for Endpoint on macOS
• Microsoft Defender for Endpoint on Mac
• macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
• Set preferences for Microsoft Defender for Endpoint on Linux
• Microsoft Defender for Endpoint on Linux
• Configure Defender for Endpoint on Android features
• Configure Microsoft Defender for Endpoint on iOS features

Related articles

• Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation
• Microsoft Defender Antivirus in Windows 10