Windows Defender and PowerShell

Jordan Hammond|April 22, 2020
Windows Defender

Is Windows Defender up to date with its virus definitions? I can’t tell you that myself without you giving me far more access to your environment than you should be comfortable with, but I can tell you how to find out. We are going to do this with the PDQ PowerShell Scanner and a built-in PowerShell cmdlet. And because Nate loves you, we are going to add error handling so you control your output. As with several earlier scripts, we added this to the GitHub repository of Scanner scripts. These should give you an excellent launching point for ideas. If you have something you would love for the world to know about, please share; we have contributing guidelines here. Watch the accompanying video to this blog post here.

Grabbing Information on Windows Defender

We have the full script here, but let’s break down what we added and why. You can grab everything you need with a single cmdlet:

Get-MpComputerStatus

That is it. That one cmdlet returns everything you need, plus a lot you don’t: about 38 properties in total. You will not need all of them, but each environment will be looking for different information, so run it once, see which properties matter to you, and pipe the output to Select-Object to keep only those. That way the output is customized for your needs. Or keep grabbing it all and let your collections and reports narrow the data down for you. Both work. Nate recommends the following:

Get-MpComputerStatus | Select-Object AMProductVersion, AMServiceEnabled, AntispywareSignatureVersion, AntivirusEnabled

Error Handling

That one cmdlet alone will work, but there are two common situations where it errors out. Instead of having to dig through a generic error to find out what went wrong, let’s test for those conditions up front and throw a custom message that says exactly what happened.

The first error we will catch is a machine that is not running Windows 10 (or Server 2016 or later). On older systems the Defender module, and with it the Get-MpComputerStatus cmdlet, does not exist, so we check for the cmdlet with Get-Command before calling it:

if (-Not(Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) { throw "Unable to find Get-MpComputerStatus. Available on Windows 10/Server 2016 or higher" }

This checks whether the cmdlet is available and, if it is not, throws a custom message that makes clear what happened. The -ErrorAction SilentlyContinue is what lets Get-Command return nothing instead of writing its own error.

The other common error we see is that the Windows Defender service (WinDefend) is not running, in which case Get-MpComputerStatus fails. A quick test on that service lets you error out cleanly. Note that if the service does not exist at all, .Status is $null, which is also not "Running", so the same check covers that case:

$DefenderStatus = (Get-Service WinDefend -ErrorAction SilentlyContinue).Status
if ($DefenderStatus -ne "Running") { throw "The Windows Defender service is not currently running" }

This script shows that although a one-liner would work, a little time and a few extra lines make it run much more cleanly and make failures self-explanatory.

Putting it all Together

if (-Not(Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) { throw "Unable to find Get-MpComputerStatus. Available on Windows 10/Server 2016 or higher" }
$DefenderStatus = (Get-Service WinDefend -ErrorAction SilentlyContinue).Status
if ($DefenderStatus -ne "Running") { throw "The Windows Defender service is not currently running" }
Get-MpComputerStatus
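The script above returns the raw status and leaves the "is it up to date?" judgement to your collections and reports. The following is an added example, not code from the post or from the PDQ scanner repository, that wraps the same two checks in a function and answers the opening question directly by comparing the AntivirusSignatureAge property (days since the last signature update) against a threshold. The function name Get-DefenderHealth, the 3-day threshold, and the Problems column are assumptions chosen for illustration; the properties read from Get-MpComputerStatus are real ones the cmdlet returns on Windows 10 / Server 2016 and later.

```powershell
# Added example (not from the original post): wrap the post's two error checks
# in a function and compute a pass/fail verdict for signature freshness.
# Assumptions: the function name, the 3-day default, and the Problems column
# are made up for this example; the Get-MpComputerStatus properties are real.
function Get-DefenderHealth {
    [CmdletBinding()]
    param(
        # Days a signature set may be old before we flag it (assumed value).
        [int]$MaxSignatureAgeDays = 3
    )

    # 1. Is the Defender module even here? Missing on systems older than
    #    Windows 10 / Server 2016, so a call would fail with "not recognized".
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        throw "Unable to find Get-MpComputerStatus. Available on Windows 10/Server 2016 or higher"
    }

    # 2. Is the WinDefend service running? If it is absent, .Status is $null,
    #    which also fails the -ne 'Running' test, so both cases are covered.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if ($svc.Status -ne 'Running') {
        throw "The Windows Defender service is not currently running"
    }

    # 3. Pull the status once and evaluate it.
    $status = Get-MpComputerStatus

    # Build a list of problems so the scanner gets one column to filter on.
    $problems = @()
    if (-not $status.AntivirusEnabled)          { $problems += 'AntivirusDisabled' }
    if (-not $status.RealTimeProtectionEnabled) { $problems += 'RealTimeProtectionOff' }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $problems += "SignaturesStale($($status.AntivirusSignatureAge)d)"
    }

    # Emit one flat object per machine: the properties Nate recommends, the
    # freshness data, and the verdict.
    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        AMProductVersion              = $status.AMProductVersion
        AMEngineVersion               = $status.AMEngineVersion
        AMServiceEnabled              = $status.AMServiceEnabled
        AntivirusEnabled              = $status.AntivirusEnabled
        RealTimeProtectionEnabled     = $status.RealTimeProtectionEnabled
        AntivirusSignatureVersion     = $status.AntivirusSignatureVersion
        AntivirusSignatureLastUpdated = $status.AntivirusSignatureLastUpdated
        AntivirusSignatureAgeDays     = $status.AntivirusSignatureAge
        Healthy                       = ($problems.Count -eq 0)
        Problems                      = ($problems -join ';')
    }
}

# Run it; in a PDQ PowerShell Scanner this object becomes the scan result,
# and a thrown error becomes the scan error for that machine.
Get-DefenderHealth
```

Two caveats a practitioner should keep in mind. First, AntivirusSignatureAge is measured from the last successful update, so a machine that has been off the network for a week reports stale signatures even though Defender itself is fine; the threshold you choose should reflect how often your endpoints actually check in. Second, the script only proves that Defender is installed and running, not that it is the active antivirus: on newer builds Get-MpComputerStatus also exposes an AMRunningMode property that shows when Defender has dropped into passive mode behind a third-party product, and that is worth adding to the Select-Object list if you run mixed endpoint protection.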

Hopefully, this highlights how easy it is to grab information that may not have been readily available to you before. With a little bit of PowerShell know-how, you can make sure you can grab any information you need at any point.

Jordan Hammond

Jordan had spent his life wondering why the tasks he didn’t like to do had no option to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that was something he should talk about on the internet while drinking most Thursdays on the PDQ webcast.
