Manage Microsoft Defender for Endpoint with PowerShell, WMI, and MPCmdRun.exe

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

You can manage some Microsoft Defender Antivirus settings on devices with PowerShell, Windows Management Instrumentation (WMI), and the Microsoft Malware Protection Command Line Utility (MPCmdRun.exe). For example, you can manage some Microsoft Defender Antivirus settings. And, in some cases, you can customize your attack surface reduction rules and exploit protection settings.

Important

Threat protection features that you configure by using PowerShell, WMI, or MPCmdRun.exe can be overwritten by configuration settings that are deployed with Intune or Configuration Manager.

Configure Microsoft Defender for Endpoint with PowerShell

You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules.

Task: Manage Microsoft Defender Antivirus. View status of antimalware protection, configure preferences for antivirus scans & updates, and make other changes to your antivirus protection.
Resources to learn more: Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus; Use PowerShell cmdlets to enable cloud-delivered protection

Task: Configure exploit protection to mitigate threats on your organization's devices. We recommend using exploit protection in audit mode at first. That way, you can see how exploit protection affects apps your organization is using.
Resources to learn more: Customize exploit protection; PowerShell cmdlets for exploit protection

Task: Configure attack surface reduction rules with PowerShell. You can use PowerShell to exclude files and folders from attack surface reduction rules.
Resources to learn more: Customize attack surface reduction rules: Use PowerShell to exclude files & folders. Also, see António Vasconcelo's graphical user interface tool for setting attack surface reduction rules with PowerShell.

Task: Enable Network Protection with PowerShell. You can use PowerShell to enable Network Protection.
Resources to learn more: Turn on Network Protection with PowerShell

Task: Configure controlled folder access to protect against ransomware. Controlled folder access is also referred to as antiransomware protection.
Resources to learn more: Enable controlled folder access with PowerShell

Task: Configure Microsoft Defender Firewall to block unauthorized network traffic flowing into or out of your organization's devices.
Resources to learn more: Microsoft Defender Firewall with Advanced Security Administration using Windows PowerShell

Task: Configure encryption and BitLocker to protect information on your organization's devices running Windows.
Resources to learn more: BitLocker PowerShell reference guide
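
An added example, not part of the original page and not Microsoft's own script: it applies a few of the settings from the tasks listed above with the Defender cmdlets, then reads them back, because Intune or Configuration Manager policy can overwrite values set locally. Using AuditMode for network protection and controlled folder access, the sample-submission level, and the exclusion path are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated session on a test device.

# 1. Baseline: is the antimalware service running and are definitions current?
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated

# 2. Local settings. AuditMode records what would have been blocked without
#    blocking it (assumption: audit-first rollout for both features).
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendSafeSamples `
                 -EnableNetworkProtection AuditMode `
                 -EnableControlledFolderAccess AuditMode

# 3. Exclude one folder from attack surface reduction rules.
#    Constructed placeholder path; keep exclusions as narrow as possible.
$asrExclusion = 'C:\Tools\BuildAgent'
Add-MpPreference -AttackSurfaceReductionOnlyExclusions $asrExclusion

# 4. Read back. Get-MpPreference reports these settings as numbers.
$expected = @{
    MAPSReporting                = 2   # Advanced
    SubmitSamplesConsent         = 1   # SendSafeSamples
    EnableNetworkProtection      = 2   # AuditMode
    EnableControlledFolderAccess = 2   # AuditMode
}
$current = Get-MpPreference
$drift = foreach ($name in $expected.Keys) {
    if ($current.$name -ne $expected[$name]) {
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $current.$name
        }
    }
}

if ($drift) {
    # A mismatch right after Set-MpPreference suggests a deployed policy won.
    Write-Warning 'Values differ from what was set; a management policy may be overriding them.'
    $drift | Format-Table -AutoSize
} else {
    'All four settings read back as configured.'
}

if ($current.AttackSurfaceReductionOnlyExclusions -notcontains $asrExclusion) {
    Write-Warning "ASR exclusion '$asrExclusion' is not present in the current preferences."
}
```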

Configure Microsoft Defender for Endpoint with Windows Management Instrumentation (WMI)

WMI is a scripting interface that allows you to retrieve, modify, and update settings. To learn more, see Using WMI.

Task: Enable cloud-delivered protection on a device.
Resources to learn more: Use Windows Management Instruction (WMI) to enable cloud-delivered protection

Task: Retrieve, modify, and update settings for Microsoft Defender Antivirus.
Resources to learn more: Use WMI to configure and manage Microsoft Defender Antivirus; Review the list of available WMI classes and example scripts. Also see the archived Windows Defender WMIv2 Provider reference information.

Configure Microsoft Defender for Endpoint with Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe)

On an individual device, you can run a scan, start diagnostic tracing, check for security intelligence updates, and more using the mpcmdrun.exe command-line tool. You can find the utility in %ProgramFiles%\Windows Defender\MpCmdRun.exe. Run it from a command prompt.

Task: Manage Microsoft Defender Antivirus.
Resources to learn more: Configure and manage Microsoft Defender Antivirus with mpcmdrun.exe

Configure your Microsoft Defender Security Center

If you haven't already done so, configure your Microsoft Defender Security Center (https://securitycenter.windows.com) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.

You can also configure whether and what features end users can see in the Microsoft Defender Security Center.

Next steps