Use PowerShell cmdlets to configure and manage Windows Defender Antivirus

Applies to:

You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration, and you can read more about it at the PowerShell hub on MSDN.

For a list of the cmdlets and their functions and available parameters, see the Defender cmdlets topic.

PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software.


PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as System Center Configuration Manager, Group Policy Management Console, or Windows Defender Antivirus Group Policy ADMX templates.

Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, System Center Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell.

You can configure which settings can be overridden locally with local policy overrides.

PowerShell is typically installed under the folder %SystemRoot%\system32\WindowsPowerShell.

Use Windows Defender Antivirus PowerShell cmdlets:

  1. Click Start, type powershell, and press Enter.
  2. Click Windows PowerShell to open the interface.
  3. Enter the command and parameters.


You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click Run as administrator and click Yes at the permissions prompt.

To open online help for any of the cmdlets type the following:

Get-Help <cmdlet> -Online

Omit the -online parameter to get locally cached help.