defender-endpoint/microsoft-defender-antivirus-using-powershell.md
Lines changed: 6 additions & 10 deletions
@@ -46,12 +46,9 @@ This article describes configuration options in Windows 10 or newer and Windows
46
46
47
47
This guide provides the [Microsoft Defender Antivirus cmdlets](/powershell/module/defender/?view=windowsserver2022-ps&preserve-view=true) that configure the features you should use to evaluate our protection.
48
48
49
-
To use these cmdlets:
49
+
To use these cmdlets, open PowerShell as an administrator, run a command, and then press **Enter**.
50
50
51
-
1. Open an elevated instance of PowerShell (choose to Run as administrator).
52
-
1. Enter the command listed in this guide and press **Enter**.
53
-
54
-
You can check the status of all settings before you begin, or during your evaluation, by using the [Get-MpPreference PowerShell cmdlet](/powershell/module/defender/get-mppreference?view=windowsserver2022-ps&preserve-view=true).
51
+
You can check the status of all settings before you begin, or during your evaluation, by using the [Get-MpPreference PowerShell cmdlet](/powershell/module/defender/get-mppreference).
55
52
56
53
Microsoft Defender Antivirus indicates a detection through [standard Windows notifications](configure-notifications-microsoft-defender-antivirus.md). You can also [review detections in the Microsoft Defender Antivirus app](review-scan-results-microsoft-defender-antivirus.md).
57
54
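Review bot: The replacement sentence on new line 49 says "run a command, and then press **Enter**", which puts the steps in the wrong order (the command runs when Enter is pressed) and drops both "elevated" and the pointer to "the command listed in this guide" that the removed numbered steps carried. Suggest "To use these cmdlets, open PowerShell as an administrator, type the command from this guide, and then press **Enter**." Separately, the Get-MpPreference link on new line 51 loses its `?view=windowsserver2022-ps&preserve-view=true` query while the module link on line 47 keeps it; the two links should use the same form.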
@@ -61,15 +58,15 @@ The Windows event log also records detection and engine events. [See the Microso
61
58
62
59
Standard definition updates can take hours to prepare and deliver; our cloud-delivered protection service can deliver this protection in seconds.
63
60
64
-
More details are available in [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus).
61
+
For more information, see [Cloud protection and Microsoft Defender Antivirus](cloud-protection-microsoft-defender-antivirus.md).
65
62
66
63
| Description | PowerShell Command |
67
64
|---|---|
68
65
|Enable the Microsoft Defender Cloud for near-instant protection and increased protection|`Set-MpPreference -MAPSReporting Advanced`|
69
66
|Automatically submit samples to increase group protection|`Set-MpPreference -SubmitSamplesConsent Always`|
70
67
|Always Use the cloud to block new malware within seconds|`Set-MpPreference -DisableBlockAtFirstSeen 0`|
71
68
|Scan all downloaded files and attachments|`Set-MpPreference -DisableIOAVProtection 0`|
72
-
|Set cloud block level to 'High'|`Set-MpPreference -CloudBlockLevel High`|
69
+
|Set cloud block level to High|`Set-MpPreference -CloudBlockLevel High`|
73
70
|High Set cloud block time-out to 1 minute|`Set-MpPreference -CloudExtendedTimeout 50`|
74
71
75
72
## Always-on protection (real-time scanning)
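Review bot: The context row directly below the edited CloudBlockLevel row (new line 70) still reads "High Set cloud block time-out to 1 minute"; the leading "High" looks like a leftover fragment and should be removed in the same change, since this hunk is already tidying the neighbouring row. The row above it, "Always Use the cloud to block new malware within seconds", also has a stray capital on "Use". The new relative link `cloud-protection-microsoft-defender-antivirus.md` on line 61 is worth confirming against the repository, because nothing in the diff shows that the target file exists.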
@@ -81,7 +78,7 @@ For more information on these options, see [Configure behavioral, heuristic, and
81
78
| Description | PowerShell Command |
82
79
|---|---|
83
80
|Constantly monitor files and processes for known malware modifications |`Set-MpPreference -DisableRealtimeMonitoring 0`|
84
-
|Constantly monitor for known malware behaviors – even in 'clean' files and running programs |`Set-MpPreference -DisableBehaviorMonitoring 0`|
81
+
|Constantly monitor for known malware behaviors, even in files that aren't considered to be a threat, and running programs |`Set-MpPreference -DisableBehaviorMonitoring 0`|
85
82
|Scan scripts as soon as they're seen or run |`Set-MpPreference -DisableScriptScanning 0`|
86
83
|Scan removable drives as soon as they're inserted or mounted |`Set-MpPreference -DisableRemovableDriveScanning 0`|
87
84
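Review bot: The reworded description on new line 81 is ambiguous because of the comma before "and running programs": it can be read as monitoring "known malware behaviors ... and running programs" rather than behaviors inside running programs. Suggest "Constantly monitor for known malware behaviors, even in running programs and in files that aren't considered to be a threat". The trailing space before the closing `|` in this row is inherited from the old line and could be dropped while the row is being touched.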
@@ -134,7 +131,6 @@ For more information, see [How do I configure or manage tamper protection](/defe
134
131
135
132
It's important to check that the Cloud Protection network connectivity is working during your pen testing. Using Command Prompt as an administrator, run the following command:
136
133
137
-
138
134
```
139
135
cd "C:\Program Files\Windows Defender"
140
136
MpCmdRun.exe -ValidateMapsConnection
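Review bot: Removing the blank line at old line 137 leaves the opening code fence on new line 134 directly under the paragraph on line 132 with only one blank line of separation lost, and the fence still has no language identifier. Suggest keeping a blank line between the paragraph and the fence and tagging the fence (for example as a console block), since the text says the command is run from Command Prompt rather than PowerShell and the rest of the page is PowerShell.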
@@ -150,7 +146,7 @@ For more information, see [Microsoft Defender Offline](microsoft-defender-offlin
150
146
151
147
| Description | PowerShell Command |
152
148
|---|---|
153
-
|Ensure notifications allow you to boot the device into a specialized malware removal environment|Set-MpPreference -UILockdown 0|
149
+
|Ensure notifications allow you to boot the device into a specialized malware removal environment|`Set-MpPreference -UILockdown 0`|
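Review bot: The description on new line 149 never says what `-UILockdown 0` controls, so a reader cannot tell from the row why a UI lockdown setting relates to notifications for booting into the malware removal environment. The added backticks bring the cell in line with the other tables, which is fine; suggest also adding a short clause that states what the value `0` means for this parameter.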