Overview.
Windows Defender Antivirus is an antivirus and anti-malware software developed by Microsoft. It comes pre-installed on Windows operating systems, starting with Windows 8 and later versions. In early versions of Windows 10, Windows Security is called Windows Defender Security Center. Windows Defender is designed to protect your computer from various types of threats, including viruses, malware, spyware, and other potentially unwanted software.
Key features and functions of Windows Defender:
Virus & threat protection Monitor threats to your device, run scans, and get updates to help detect the latest threats. (Some of these options are unavailable if you’re running Windows 10 in S mode.)
Account protection Access sign-in options and account settings, including Windows Hello and dynamic lock.
Firewall & network protection Manage firewall settings and monitor what’s happening with your networks and internet connections.
App & browser control Update settings for Microsoft Defender SmartScreen to help protect your device against potentially dangerous apps, files, sites, and downloads. You’ll have exploit protection and you can customize protection settings for your devices.
Device security Review built-in security options to help protect your device from attacks by malicious software.
Device performance & health View status info about your device’s performance health, and keep your device clean and up to date with the latest version of Windows.
Family options Keep track of your kids’ online activity and the devices in your household
Windows Defender cmdlet.
Add-MpPreference
# Add a folder to the exclusion list
Add-MpPreference -ExclusionPath "C:\Temp"
# Allow an application to access folders
Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe"
# Gets the status of antimalware software on the computer.
Get-MpComputerStatus
# Gets preferences for the Windows Defender scans and updates.
Get-MpPreference
# Gets the history of threats detected on the computer.
Get-MpThreat
# Gets known threats from the definitions catalog.
Get-MpThreatCatalog
# Gets active and past malware threats that Windows Defender detected.
Get-MpThreatDetection
# Removes exclusions or default actions.
Remove-MpPreference
# Removes active threats from a computer.
Remove-MpThreat
# Configures preferences for Windows Defender scans and updates.
Set-MpPreference
# Starts a scan on a computer.
Start-MpScan
# start a scan custom
Start-MpScan -ScanPath
# Starts a Windows Defender offline scan.
Start-MpWDOScan
# Updates the antimalware definitions on a computer.
Update-MpSignature
# Update signature from specific source:
Update-MpSignature -UpdateSource MicrosoftUpdateServer
Administering to multiple computers.
In case you need to run the Windows Defender scanning remotely to another single computer on the domain, you can use PSsession and run the Windows Defender cmdlet remotely. Otherwise, you can use CimSession to scan multple computers on the domain.
Example:
# Scan computer on an OU using `SearchBase`.
Start-MpScan -CimSession (Get-ADComputer -Filter * -SearchBase "OU=WIN10,DC=DOMAIN,DC=COM" | Select-Object -ExpandProperty Name) -ScanType FullScan ‑AsJob
# Check Threat Detection within 1 Day.
Get-MpThreatDetection -CimSession COMP1,COMP2 -ThreatID 2147519003 | Where-Object {$_.InitialDetectionTime -gt (Get-Date).AddDays(-1)} | Select-Object PSComputerName,ProcessName
Conclusion
While Windows Defender offers decent protection for your computer, some users may prefer to use third-party antivirus software with additional features and options. However, for those who want a straightforward, and built-in security solution, Windows Defender is a reliable choice, offering basic protection against various threats without the need for additional software installations.