From 28c97774748e61373999d6cd051694b838be5081 Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 8 Aug 2025 16:59:04 +0800 Subject: [PATCH 1/5] update powershell cmd doc Test-DefenderAndAmsiWorkProperly --- .../Test-DefenderAndAmsiWorkProperly.md | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md new file mode 100644 index 000000000..f682bd037 --- /dev/null +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md 
@@ -0,0 +1,79 @@ +--- +module name: SharePointServer +online version: https://learn.microsoft.com/powershell/module/sharepoint-server/test-defenderandamsiworkproperly +applicable: SharePoint Server Subscription Edition +title: Test-DefenderAndAmsiWorkProperly +schema: 2.0.0 +--- + +# Test-DefenderAndAmsiWorkProperly + +## SYNOPSIS + +Tests that Windows Defender components and SharePoint AMSI integration are properly installed and running. + +## SYNTAX + +```powershell +Test-DefenderAndAmsiWorkProperly [] +``` + +## DESCRIPTION + +Use the `Test-DefenderAndAmsiWorkProperly` cmdlet to verify that all Windows Defender components are installed and running correctly, and that SharePoint AMSI (Antimalware Scan Interface) integration is functioning properly. + +This cmdlet performs comprehensive checks to ensure that the security infrastructure is operational and can protect SharePoint Server from malicious content. It validates both the Windows Defender antimalware engine and the AMSI integration that allows SharePoint to scan content for potential threats. + +The cmdlet does not make any changes to the system configuration but provides diagnostic information about the current state of security components. + +For permissions and the most current information about Windows PowerShell for SharePoint Products, see the online documentation at [SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets). + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +Test-DefenderAndAmsiWorkProperly +``` + +This example tests the Windows Defender components and SharePoint AMSI integration to verify they are properly installed and running. + +### EXAMPLE 2 + +```powershell +Test-DefenderAndAmsiWorkProperly -Verbose +``` + +This example tests the Windows Defender components and SharePoint AMSI integration with verbose output to provide detailed information about each component being checked. 
+ +## PARAMETERS + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +This cmdlet does not accept any input objects. + +## OUTPUTS + +### System.Object + +This cmdlet returns diagnostic information about the status of Windows Defender components and SharePoint AMSI integration. + +## NOTES + +- This cmdlet requires administrator privileges to access security component information. +- Ensure that Windows Defender is properly configured and enabled before running this test. +- SharePoint AMSI integration requires Windows Server 2016 or later with appropriate updates installed. + +## RELATED LINKS + +[SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets) + +[Windows Defender Antivirus](https://learn.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/) + +[Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/windows/win32/amsi/antimalware-scan-interface-portal) \ No newline at end of file From 2e90d8ef413427e341001fa3dff197fdc3b26f3f Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Thu, 14 Aug 2025 14:46:35 +0800 Subject: [PATCH 2/5] correct the link --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index f682bd037..9212f9e21 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md 
@@ -74,6 +74,6 @@ This cmdlet returns diagnostic information about the status of Windows Defender [SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets) -[Windows Defender Antivirus](https://learn.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/) +[Windows Defender Antivirus](https://learn.microsoft.com/defender-endpoint/microsoft-defender-antivirus-windows) [Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/windows/win32/amsi/antimalware-scan-interface-portal) \ No newline at end of file From 537af2ccead2510d03e347e084c5b9d22ab7b857 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Thu, 28 Aug 2025 08:46:25 -0700 Subject: [PATCH 3/5] Correct capitalization of "Module Name" --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index 9212f9e21..88128d7ad 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -1,5 +1,5 @@ --- -module name: SharePointServer +Module Name: SharePointServer online version: https://learn.microsoft.com/powershell/module/sharepoint-server/test-defenderandamsiworkproperly applicable: SharePoint Server Subscription Edition title: Test-DefenderAndAmsiWorkProperly From 083c0924f11876fb4eeb7f77f3c3f64318829359 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Thu, 28 Aug 2025 08:46:25 -0700 Subject: [PATCH 4/5] Correct capitalization of "Module Name" From 0e288549a47ed677650ddd82de57b8eba3105c1d Mon Sep 17 00:00:00 2001 
From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Thu, 28 Aug 2025 08:53:59 -0700 Subject: [PATCH 5/5] Add Test-DefenderAndAmsiWorkProperly --- .../sharepoint-server-ps/SharePointServer/SharePointServer.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md b/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md index e5daaf070..f5c4eb608 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md @@ -2448,6 +2448,9 @@ Replaces existing certificate assignments with a new certificate. ### [Sync-SPProjectPermissions](Sync-SPProjectPermissions.md) Manually synchronizes permissions between a Project Web App instance and its associated project sites. +### [Test-DefenderAndAmsiWorkProperly](Test-DefenderAndAmsiWorkProperly.md) +Tests that Windows Defender components and SharePoint AMSI integration are properly installed and running. + ### [Test-SPContentDatabase](Test-SPContentDatabase.md) Tests a content database.
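Review bot: In PATCH 1/5, the OUTPUTS section of the new Test-DefenderAndAmsiWorkProperly.md says only that the cmdlet returns "diagnostic information" as a System.Object, and neither EXAMPLE shows any output, so a reader cannot tell what a passing result looks like or how a failed check is reported. Suggest naming the components that are checked and the properties or messages returned, and adding sample output under EXAMPLE 1, so an administrator can script on the result instead of reading the console. Two smaller points in the same hunk: the SYNTAX block reads `Test-DefenderAndAmsiWorkProperly []` with nothing inside the brackets, where the CommonParameters placeholder documented under PARAMETERS belongs; and the NOTES bullet "Ensure that Windows Defender is properly configured and enabled before running this test" is circular for a cmdlet whose stated purpose is to verify exactly that, so it should either go or say what the cmdlet reports when Defender is disabled.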
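Review bot: In PATCH 2/5, the replacement RELATED LINKS line keeps the label "Windows Defender Antivirus" although the new target is `defender-endpoint/microsoft-defender-antivirus-windows`; the label should follow the target and read "Microsoft Defender Antivirus". The hunk also still ends with "\ No newline at end of file", so add the trailing newline while this line is being touched.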
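Review bot: PATCH 4/5 repeats the author, date and subject of PATCH 3/5 ("Correct capitalization of "Module Name"") but carries no diff, so the empty commit should be dropped from the series. The one-line front-matter change in 3/5 (`module name:` to `Module Name:`) fixes a key introduced in PATCH 1/5 and would be cleaner squashed into that patch.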