From 28c97774748e61373999d6cd051694b838be5081 Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 8 Aug 2025 16:59:04 +0800 Subject: [PATCH 1/9] update powershell cmd doc Test-DefenderAndAmsiWorkProperly --- .../Test-DefenderAndAmsiWorkProperly.md | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md new file mode 100644 index 000000000..f682bd037 --- /dev/null +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md 
@@ -0,0 +1,79 @@ +--- +module name: SharePointServer +online version: https://learn.microsoft.com/powershell/module/sharepoint-server/test-defenderandamsiworkproperly +applicable: SharePoint Server Subscription Edition +title: Test-DefenderAndAmsiWorkProperly +schema: 2.0.0 +--- + +# Test-DefenderAndAmsiWorkProperly + +## SYNOPSIS + +Tests that Windows Defender components and SharePoint AMSI integration are properly installed and running. + +## SYNTAX + +```powershell +Test-DefenderAndAmsiWorkProperly [] +``` + +## DESCRIPTION + +Use the `Test-DefenderAndAmsiWorkProperly` cmdlet to verify that all Windows Defender components are installed and running correctly, and that SharePoint AMSI (Antimalware Scan Interface) integration is functioning properly. + +This cmdlet performs comprehensive checks to ensure that the security infrastructure is operational and can protect SharePoint Server from malicious content. It validates both the Windows Defender antimalware engine and the AMSI integration that allows SharePoint to scan content for potential threats. + +The cmdlet does not make any changes to the system configuration but provides diagnostic information about the current state of security components. + +For permissions and the most current information about Windows PowerShell for SharePoint Products, see the online documentation at [SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets). + +## EXAMPLES + +### EXAMPLE 1 + +```powershell +Test-DefenderAndAmsiWorkProperly +``` + +This example tests the Windows Defender components and SharePoint AMSI integration to verify they are properly installed and running. + +### EXAMPLE 2 + +```powershell +Test-DefenderAndAmsiWorkProperly -Verbose +``` + +This example tests the Windows Defender components and SharePoint AMSI integration with verbose output to provide detailed information about each component being checked. 
+ +## PARAMETERS + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +This cmdlet does not accept any input objects. + +## OUTPUTS + +### System.Object + +This cmdlet returns diagnostic information about the status of Windows Defender components and SharePoint AMSI integration. + +## NOTES + +- This cmdlet requires administrator privileges to access security component information. +- Ensure that Windows Defender is properly configured and enabled before running this test. +- SharePoint AMSI integration requires Windows Server 2016 or later with appropriate updates installed. + +## RELATED LINKS + +[SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets) + +[Windows Defender Antivirus](https://learn.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/) + +[Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/windows/win32/amsi/antimalware-scan-interface-portal) \ No newline at end of file From 2e90d8ef413427e341001fa3dff197fdc3b26f3f Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Thu, 14 Aug 2025 14:46:35 +0800 Subject: [PATCH 2/9] correct the link --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index f682bd037..9212f9e21 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md 
@@ -74,6 +74,6 @@ This cmdlet returns diagnostic information about the status of Windows Defender [SharePoint Server Cmdlets](https://learn.microsoft.com/powershell/sharepoint/sharepoint-server/sharepoint-server-cmdlets) -[Windows Defender Antivirus](https://learn.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/) +[Windows Defender Antivirus](https://learn.microsoft.com/defender-endpoint/microsoft-defender-antivirus-windows) [Antimalware Scan Interface (AMSI)](https://learn.microsoft.com/windows/win32/amsi/antimalware-scan-interface-portal) \ No newline at end of file From 537af2ccead2510d03e347e084c5b9d22ab7b857 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Thu, 28 Aug 2025 08:46:25 -0700 Subject: [PATCH 3/9] Correct capitalization of "Module Name" --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index 9212f9e21..88128d7ad 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -1,5 +1,5 @@ --- -module name: SharePointServer +Module Name: SharePointServer online version: https://learn.microsoft.com/powershell/module/sharepoint-server/test-defenderandamsiworkproperly applicable: SharePoint Server Subscription Edition title: Test-DefenderAndAmsiWorkProperly From 369531321f8c000fa6f9ee43e49e1d79e04c2cfb Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Thu, 28 Aug 2025 08:46:25 -0700 Subject: [PATCH 4/9] Correct capitalization of "Module Name" From a0f3e899a7c6047de309c0fe17f49cab0bb0582c Mon Sep 17 00:00:00 2001 
From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Thu, 28 Aug 2025 08:53:59 -0700 Subject: [PATCH 5/9] Add Test-DefenderAndAmsiWorkProperly --- .../sharepoint-server-ps/SharePointServer/SharePointServer.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md b/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md index e5daaf070..f5c4eb608 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/SharePointServer.md @@ -2448,6 +2448,9 @@ Replaces existing certificate assignments with a new certificate. ### [Sync-SPProjectPermissions](Sync-SPProjectPermissions.md) Manually synchronizes permissions between a Project Web App instance and its associated project sites. +### [Test-DefenderAndAmsiWorkProperly](Test-DefenderAndAmsiWorkProperly.md) +Tests that Windows Defender components and SharePoint AMSI integration are properly installed and running. + ### [Test-SPContentDatabase](Test-SPContentDatabase.md) Tests a content database. From 60a350e926efd6c5b4b120b353ad7b70357b0536 Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 29 Aug 2025 13:31:50 +0800 Subject: [PATCH 6/9] correct --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index 9212f9e21..896023cce 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -14,6 +14,7 @@ Tests that Windows Defender components and SharePoint AMSI integration are prope ## SYNTAX +### PSMode ```powershell Test-DefenderAndAmsiWorkProperly [] ``` 
@@ -54,10 +55,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### None - -This cmdlet does not accept any input objects. - ## OUTPUTS ### System.Object From e470f5618a6591817aa48a069769d90c1f10f5be Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 29 Aug 2025 13:45:59 +0800 Subject: [PATCH 7/9] fix --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index 896023cce..f2e104fc4 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -15,7 +15,7 @@ Tests that Windows Defender components and SharePoint AMSI integration are prope ## SYNTAX ### PSMode -```powershell +``` Test-DefenderAndAmsiWorkProperly [] ``` @@ -50,7 +50,6 @@ This example tests the Windows Defender components and SharePoint AMSI integrati ## PARAMETERS ### CommonParameters - This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS From ccd4b60f4b04f58a0b959a81307ee254def18f68 Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 29 Aug 2025 15:24:11 +0800 Subject: [PATCH 8/9] fix --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 1 - 1 file changed, 1 deletion(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index 111f27212..a86c8cc2f 100644 
--- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -48,7 +48,6 @@ Test-DefenderAndAmsiWorkProperly -Verbose This example tests the Windows Defender components and SharePoint AMSI integration with verbose output to provide detailed information about each component being checked. ## PARAMETERS - ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). From f8e722d455077c1d120e1a709ef20e16143f6b3a Mon Sep 17 00:00:00 2001 From: Yanyanmu Date: Fri, 29 Aug 2025 15:33:06 +0800 Subject: [PATCH 9/9] fix --- .../SharePointServer/Test-DefenderAndAmsiWorkProperly.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md index a86c8cc2f..40e4dfc46 100644 --- a/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md +++ b/sharepoint/sharepoint-server-ps/SharePointServer/Test-DefenderAndAmsiWorkProperly.md @@ -14,7 +14,6 @@ Tests that Windows Defender components and SharePoint AMSI integration are prope ## SYNTAX -### PSMode ``` Test-DefenderAndAmsiWorkProperly [] ``` 
@@ -48,11 +47,10 @@ Test-DefenderAndAmsiWorkProperly -Verbose This example tests the Windows Defender components and SharePoint AMSI integration with verbose output to provide detailed information about each component being checked. ## PARAMETERS + ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). -## INPUTS - ## OUTPUTS ### System.Object
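
Review bot: In PATCH 1/9, the OUTPUTS section types the result as `System.Object` and describes it only as "diagnostic information", and neither EXAMPLE 1 nor EXAMPLE 2 shows sample output, so a reader cannot tell how a failed check is reported. Please document what the returned object contains and show what a run looks like when a component is not healthy, so the cmdlet can be relied on in scripted health checks. The NOTES bullet "Ensure that Windows Defender is properly configured and enabled before running this test" also reads as circular for a cmdlet whose stated purpose is to verify that state; it would be more useful to say what the cmdlet reports when Defender is not enabled.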
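
Review bot: In PATCH 2/9, the `+` line points the link at `defender-endpoint/microsoft-defender-antivirus-windows` but keeps the label "Windows Defender Antivirus", so the label no longer matches the page it opens. Consider updating the label along with the URL, and since this hunk already touches the end of the file, add the trailing newline that the context still flags with `\ No newline at end of file`.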
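
Review bot: In PATCH 6/9, the second hunk (`@@ -54,10 +55,6 @@`) deletes `### None` and the sentence "This cmdlet does not accept any input objects." but leaves `## INPUTS` as an empty heading directly above `## OUTPUTS`. PATCH 9/9 later removes the heading as well, so the final page says nothing about pipeline input. Either keep the one-line statement or name in the commit message the validation rule that requires its removal; the subject "correct" gives a reviewer no way to check the intent.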
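
Review bot: PATCH 7/9 through 9/9 move the same lines back and forth: the blank line between `## PARAMETERS` and `### CommonParameters` is removed in 8/9 and restored in 9/9, and the `### PSMode` heading added in 6/9 is removed again in 9/9. Please squash these into a single commit whose subject names the build or lint error being addressed; three commits titled "fix" leave no record of which layout the tooling actually requires.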