As I was experimenting with the new PowerShell 5.0 cmdlets for Windows Defender, I noticed that there is no parameter for starting a custom scan. As a workaround, I used the mpcmdrun.exe tool to initiate the scan. For example, the following code will execute a custom scan on C:\Temp:

    & "$($env:programfiles)\Windows Defender\mpcmdrun.exe" -Scan -ScanType 3 -File 'C:\Temp'

This allows for scanning a custom folder, and the results are displayed in the console. The results are also logged in the Windows Defender Operational log, unless logging for Windows Defender has been disabled. Using the Get-WinEvent cmdlet, we can retrieve this information from the event log.

    Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' |
        Select-Object -First 2 -ExpandProperty Message

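The two steps above can be combined so that only the log entries written by this particular scan are returned, rather than the two most recent entries. The function below is an added example, not code from the original post; the function name is hypothetical, and it assumes an elevated session and the Defender event IDs 1000 (scan started), 1001 (scan finished), 1116 (malware detected) and 1117 (action taken).

```powershell
function Invoke-DefenderCustomScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateScript({ Test-Path -LiteralPath $_ })]
        [string]$Path
    )

    $mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    if (-not (Test-Path -LiteralPath $mpCmdRun)) {
        throw "MpCmdRun.exe not found at $mpCmdRun"
    }

    # Record the start time so only events from this scan are returned.
    $start = Get-Date

    # -ScanType 3 is a custom scan; -File is the file or folder to scan.
    $output   = & $mpCmdRun -Scan -ScanType 3 -File $Path
    $exitCode = $LASTEXITCODE

    # Event IDs: 1000 scan started, 1001 scan finished,
    # 1116 malware detected, 1117 action taken on malware.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        StartTime = $start
        Id        = 1000, 1001, 1116, 1117
    }
    # Get-WinEvent raises an error when nothing matches, so suppress it.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated)

    [pscustomobject]@{
        Path       = $Path
        ExitCode   = $exitCode   # 0 = clean or remediated, 2 = not remediated or scan error
        Detections = @($events | Where-Object Id -eq 1116).Count
        Output     = $output
        Events     = $events | Select-Object TimeCreated, Id, Message
    }
}

# Usage (C:\Temp is the folder scanned in the post):
Invoke-DefenderCustomScan -Path 'C:\Temp'
```

If Defender logging has been disabled, `Events` comes back empty and the exit code is the only signal of the scan result.
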
For more information on this topic have a look at the following resources:
Windows Defender
Security-Malware-Windows-Defender
Run (and Automate) Windows Defender from the Command Line