Below is a collection of common antivirus actions one would want to perform on a client, grouped by platform.
Windows
- Get Protection Status: Get-MpComputerStatus
- This command retrieves the current status of the computer's protection, showing which security features are enabled and their operational state. It includes real-time protection status, antivirus signature and engine versions, and the time of the last scan.
- Get History of Incidents: Get-MpThreat
- This command pulls up the history of threats that Microsoft Defender has detected and handled. It helps in auditing and understanding past incidents on the machine.
- Run Full Scan: Start-MpScan -ScanType FullScan
- Initiates a full system scan, which thoroughly checks all files and programs on the device for malicious activity.
- Get History of Protection: Get-MpThreatDetection
- Note: the two commands above differ in scope. Get-MpThreat returns the threat history (the threats themselves), while Get-MpThreatDetection returns the protection history (the individual detection events for those threats).
- Get Scan Configuration Details: Get-MpPreference
- Displays the current configuration settings for Microsoft Defender, including scheduled scans, exclusion paths, and actions taken on detections.
- Disable Realtime Protection: Set-MpPreference -DisableRealtimeMonitoring $true
- Disables real-time protection. Use with caution, as the system is unprotected while it is off; when tamper protection is enabled, this change is blocked. Run from an elevated PowerShell prompt.
- Enable Realtime Protection: Set-MpPreference -DisableRealtimeMonitoring $false
- Enables real-time protection to ensure ongoing security monitoring.
- Force Update Definitions: Update-MpSignature
- Manually triggers an update of the antivirus definitions, ensuring the latest threat intelligence is used.
- Performance Troubleshooting: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide
- This guide provides detailed steps and considerations for optimizing Microsoft Defender's performance on your system.
Linux
- Get Protection Status: mdatp health
- Retrieves the current health status of the Microsoft Defender for Endpoint service, including its operational state and last update time.
- Get History of Incidents: mdatp threat list
- Lists all threats detected on the system, providing an overview of past security incidents.
- Run full Scan: mdatp scan full
- Initiates a comprehensive scan of the entire system to detect and mitigate threats.
- Connectivity Test: mdatp connectivity test
- Checks the connectivity of the Microsoft Defender service to its cloud components, ensuring that updates and threat intelligence are being received.
- Advanced Topics and performance diag: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide
- This guide covers advanced deployment topics and performance tuning for Microsoft Defender on Linux.
- Force Update Definitions: mdatp definitions update
- Forces an update of the antivirus definitions to ensure the latest protection is applied.
- Create False Positive incident (EICAR test file): wget "https://secure.eicar.org/eicar.com.txt"
- Downloads the EICAR test file, a harmless string that antivirus products are built to detect as if it were malware. Use it to verify that scanning and alerting work end to end, and confirm the detection afterwards with mdatp threat list.
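As an added example (not part of the original page, and not Microsoft's code), the following POSIX shell script turns the mdatp health check above into a pass/fail gate: it parses the key : value lines that mdatp health prints, flags an agent that is not healthy, has real-time protection off, is in passive mode, or has stale definitions, and returns non-zero so it can run from cron or a configuration check. The parser works on captured text, so the script runs offline against constructed sample output; the mdatp_health_gate function name, the 1440-minute staleness threshold and the sample values are assumptions, not page content. On Windows the same properties are available from Get-MpComputerStatus (RealTimeProtectionEnabled, AntivirusSignatureAge).

```shell
#!/bin/sh
# Added example, not from the original page: a health gate over `mdatp health`.
# The parser operates on captured text so it can be exercised offline;
# mdatp_health_gate (hypothetical name) runs the live command when present.

# Extract one "key : value" field from mdatp health output read on stdin.
# mdatp prints string values in double quotes, so surrounding quotes are stripped.
health_field() {
    key="$1"
    sed -n "s/^${key}[[:space:]]\{1,\}:[[:space:]]*//p" | sed 's/^"//; s/"$//' | head -n 1
}

# Evaluate health text given on stdin. Prints each problem found, one per line,
# and returns 1 if any problem exists, 0 otherwise.
check_health() {
    text=$(cat)
    rc=0
    healthy=$(printf '%s\n' "$text" | health_field healthy)
    rtp=$(printf '%s\n' "$text" | health_field real_time_protection_enabled)
    passive=$(printf '%s\n' "$text" | health_field passive_mode_enabled)
    defs=$(printf '%s\n' "$text" | health_field definitions_status)
    age=$(printf '%s\n' "$text" | health_field definitions_updated_minutes_ago)

    [ "$healthy" = "true" ] || { echo "healthy=$healthy"; rc=1; }
    [ "$rtp" = "true" ] || { echo "real_time_protection_enabled=$rtp"; rc=1; }
    [ "$passive" = "false" ] || { echo "passive_mode_enabled=$passive"; rc=1; }
    [ "$defs" = "up_to_date" ] || { echo "definitions_status=$defs"; rc=1; }
    # Assumed threshold: definitions older than one day (1440 minutes) are stale.
    if [ -n "$age" ] && [ "$age" -gt 1440 ]; then
        echo "definitions_updated_minutes_ago=$age"; rc=1
    fi
    return $rc
}

# Run the gate against the installed agent; returns 2 when mdatp is absent.
mdatp_health_gate() {
    if ! command -v mdatp >/dev/null 2>&1; then
        echo "mdatp not installed" >&2
        return 2
    fi
    mdatp health | check_health
}

# Constructed sample output shaped like `mdatp health` (values are invented).
SAMPLE_OK='healthy                                     : true
health_issues                               : []
licensed                                    : true
real_time_protection_enabled                : true
passive_mode_enabled                        : false
definitions_updated_minutes_ago             : 33
definitions_status                          : "up_to_date"
'

SAMPLE_BAD='healthy                                     : false
health_issues                               : ["no license found"]
licensed                                    : false
real_time_protection_enabled                : false
passive_mode_enabled                        : false
definitions_updated_minutes_ago             : 4000
definitions_status                          : "too_old"
'

# Offline self-check on the constructed samples.
printf '%s' "$SAMPLE_OK" | check_health && echo "sample OK: passes gate"
printf '%s' "$SAMPLE_BAD" | check_health || echo "sample BAD: fails gate"
```

To use it on a real host, call mdatp_health_gate from a scheduled job and alert on a non-zero exit; the printed lines name exactly which field failed, which is what you want in a ticket.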
View Security Alerts
- Log into the Azure Portal.
- In the top search box, type Defender for Cloud.
- Select Defender for Cloud.
- On the left, select Security Alerts.
Related Documentation