From 28c97774748e61373999d6cd051694b838be5081 Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 8 Aug 2025 16:59:04 +0800 Subject: [PATCH 1/3] update powershell cmd doc Test-DefenderAndAmsiWorkProperly --- .../Test-DefenderAndAmsiWorkProperly.md | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md new file mode 100644 index 000000000..f682bd037 --- /dev/null +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -0,0 +1,79 @@ +--- +module name: SharePointServer +online version: https://learn.microsoft.com/powershell/module/sharepoint-server/test-defenderandamsiworkproperly +applicable: SharePoint Server Subscription Edition +title: Test-DefenderAndAmsiWorkProperly +schema: 2.0.0 +--- + +# Test-DefenderAndAmsiWorkProperly + +## SYNOPSIS + +Tests that Windows Defender components and SharePoint AMSI integration are properly installed and running. + +## SYNTAX + +```powershell +Test-DefenderAndAmsiWorkProperly [] +``` + +## DESCRIPTION + +Use the `Test-DefenderAndAmsiWorkProperly` cmdlet to verify that all Windows Defender components are installed and running correctly, and that SharePoint AMSI (Antimalware Scan Interface) integration is functioning properly. + +This cmdlet performs comprehensive checks to ensure that the security infrastructure is operational and can protect SharePoint Server from malicious content. It validates both the Windows Defender antimalware engine and the AMSI integration that allows SharePoint to scan content for potential threats. + +The cmdlet does not make any changes to the system configuration but provides diagnostic information about the current state of security components. + +For permissions and the most current information about Windows PowerShell for SharePoint Products, see the online documentation at [SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets). + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +Test-DefenderAndAmsiWorkProperly +``` + +This example tests the Windows Defender components and SharePoint AMSI integration to verify they are properly installed and running. + +### EXAMPLE 2 + +```powershell +Test-DefenderAndAmsiWorkProperly -Verbose +``` + +This example tests the Windows Defender components and SharePoint AMSI integration with verbose output to provide detailed information about each component being checked. + +## PARAMETERS + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +This cmdlet does not accept any input objects. + +## OUTPUTS + +### System.Object + +This cmdlet returns diagnostic information about the status of Windows Defender components and SharePoint AMSI integration. + +## NOTES + +- This cmdlet requires administrator privileges to access security component information. +- Ensure that Windows Defender is properly configured and enabled before running this test. +- SharePoint AMSI integration requires Windows Server 2016 or later with appropriate updates installed. + +## RELATED LINKS + +[SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets) + +[Windows Defender Antivirus](https://learn.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/) + +[Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/windows/win32/amsi/antimalware-scan-interface-portal) \ No newline at end of file From 2e90d8ef413427e341001fa3dff197fdc3b26f3f Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Thu, 14 Aug 2025 14:46:35 +0800 Subject: [PATCH 2/3] correct the link --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index f682bd037..9212f9e21 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -74,6 +74,6 @@ This cmdlet returns diagnostic information about the status of Windows Defender [SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets) -[Windows Defender Antivirus](https://learn.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/) +[Windows Defender Antivirus](https://learn.microsoft.com/defender-endpoint/microsoft-defender-antivirus-windows) [Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/windows/win32/amsi/antimalware-scan-interface-portal) \ No newline at end of file From 9d884f96c48edf9c232dab8ba94f27a5619596df Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Tue, 26 Aug 2025 18:01:51 -0700 Subject: [PATCH 3/3] Add Test-Defender-AndAmsiWorkProperly to SharePointServer.md --- .../sharepoint-server-ps/SharePointServer/SharePointServer.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md b/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md index 66adac229..62d3da1c8 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md @@ -2448,6 +2448,9 @@ Replaces existing certificate assignments with a new certificate. ### [Sync-SPProjectPermissions](Sync-SPProjectPermissions.md) Manually synchronizes permissions between a Project Web App instance and its associated project sites. +### [Test-DefenderAndAmsiWorkProperly](Test-DefenderAndAmsiWorkProperly.md) +Tests that Windows Defender components and SharePoint AMSI integration are properly installed and running. + ### [Test-SPContentDatabase](Test-SPContentDatabase.md) Tests a content database.