none
way to get the results of the last scheduled scan RRS feed

  • Question

  • So with get-mpcomputerstatus  (sample results below) is there any way to tell if the scheduled scan came back clean or if there were any infected files detected?  I can see the last scheduled scan was 2/23/20, is there anyway to verify a clean result?

    PS C:\> get-mpcomputerstatus



    AMEngineVersion                 : 1.1.16800.2
    AMProductVersion                : 4.18.2001.7
    AMServiceEnabled                : True
    AMServiceVersion                : 4.18.2001.7
    AntispywareEnabled              : True
    AntispywareSignatureAge         : 0
    AntispywareSignatureLastUpdated : 2/25/2020 6:59:23 AM
    AntispywareSignatureVersion     : 1.311.51.0
    AntivirusEnabled                : True
    AntivirusSignatureAge           : 0
    AntivirusSignatureLastUpdated   : 2/25/2020 6:59:23 AM
    AntivirusSignatureVersion       : 1.311.51.0
    BehaviorMonitorEnabled          : False
    ComputerState                   : 0
    FullScanAge                     : 2
    FullScanEndTime                 : 2/23/2020 7:00:40 AM
    FullScanStartTime               : 2/23/2020 6:00:11 AM
    IoavProtectionEnabled           : True
    IsTamperProtected               : False
    IsVirtualMachine                : False
    LastFullScanSource              : 2
    LastQuickScanSource             : 0
    NISEnabled                      : False
    NISEngineVersion                : 0.0.0.0
    NISSignatureAge                 : 4294967295
    NISSignatureLastUpdated         : 
    NISSignatureVersion             : 0.0.0.0
    OnAccessProtectionEnabled       : True
    QuickScanAge                    : 4294967295
    QuickScanEndTime                : 
    QuickScanStartTime              : 
    RealTimeProtectionEnabled       : True
    RealTimeScanDirection           : 0
    PSComputerName                  : 




    PS C:\> 

    Wednesday, February 26, 2020 12:44 AM

Answers

  • Hi,

     

    Firstly, each of these properties provide you with information about the status of Windows Defender.

    Let's take a look at some of them:

    • AMEngineVersion: version of the antimalware engine
    • NISEngineVersion: version of the network inspection system engine
    • AMServiceEnabled: activation of the antimalware service
    • AMProductVersion: antimalware client version
    • AMServiceVersion: antimalware service version
    • AntispywareEnabled: antispyware protection activation status
    • AntispywareSignatureLastUpdated: threat definitions' creation date
    • AntispywareSignatureVersion: antivirus signatures version
    • AntivirusSignatureVersion: antispyware signatures version
    • NISSignatureVersion: network inspection system signatures version
    • AntivirusEnabled: antivirus protection activation status
    • AntivirusSignatureLastUpdated: date and time of last update for the antivirus signatures
    • FullScanAge: number of days since the last system's full scan
    • FullScanEndTime: end date and time of the last full scan of the system
    • FullScanStartTime: start date and time of the last full scan of the system
    • NISEnabled: network inspection system activation status
    • NISSignatureLastUpdated: date and time of last update for the network inspection system's signatures
    • QuickScanAge: number of days since the last quick scan of the system
    • QuickScanEndTime: end date and time of the last quick scan of the system
    • QuickScanStartTime: start date and time of the last quick scan of the system
    • RealTimeProtectionEnabled: real-time protection activation status

     

    Besides, if you want to  verify a clean result, you could perform a system scan and there are two cmdlets that can be used to perform a system scan: Start-MpScan and Start-MpWDOScan.

     

    More specific details please refer to the following Microsoft link:

    Manage Windows Defender using PowerShell

    https://social.technet.microsoft.com/wiki/contents/articles/52251.manage-windows-defender-using-powershell.aspx#Getting_Threats_information

     

    Hope can help you.Have a nice day!

     

    Kiki


    "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Thursday, February 27, 2020 2:56 AM

All replies

  • Hi,

     

    Firstly, each of these properties provide you with information about the status of Windows Defender.

    Let's take a look at some of them:

    • AMEngineVersion: version of the antimalware engine
    • NISEngineVersion: version of the network inspection system engine
    • AMServiceEnabled: activation of the antimalware service
    • AMProductVersion: antimalware client version
    • AMServiceVersion: antimalware service version
    • AntispywareEnabled: antispyware protection activation status
    • AntispywareSignatureLastUpdated: threat definitions' creation date
    • AntispywareSignatureVersion: antivirus signatures version
    • AntivirusSignatureVersion: antispyware signatures version
    • NISSignatureVersion: network inspection system signatures version
    • AntivirusEnabled: antivirus protection activation status
    • AntivirusSignatureLastUpdated: date and time of last update for the antivirus signatures
    • FullScanAge: number of days since the last system's full scan
    • FullScanEndTime: end date and time of the last full scan of the system
    • FullScanStartTime: start date and time of the last full scan of the system
    • NISEnabled: network inspection system activation status
    • NISSignatureLastUpdated: date and time of last update for the network inspection system's signatures
    • QuickScanAge: number of days since the last quick scan of the system
    • QuickScanEndTime: end date and time of the last quick scan of the system
    • QuickScanStartTime: start date and time of the last quick scan of the system
    • RealTimeProtectionEnabled: real-time protection activation status

     

    Besides, if you want to  verify a clean result, you could perform a system scan and there are two cmdlets that can be used to perform a system scan: Start-MpScan and Start-MpWDOScan.

     

    More specific details please refer to the following Microsoft link:

    Manage Windows Defender using PowerShell

    https://social.technet.microsoft.com/wiki/contents/articles/52251.manage-windows-defender-using-powershell.aspx#Getting_Threats_information

     

    Hope can help you.Have a nice day!

     

    Kiki


    "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Thursday, February 27, 2020 2:56 AM
  • Hi,

     

    Just check if it helps.

    If the reply helped you, please remember to mark it as an answer.

    If no, please reply and tell us the current situation in order to provide further help.

     

    Best Regards,

    Kiki


    "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Friday, February 28, 2020 2:34 AM
  • Fresh load the drive and wipe it 2000 times, there is no way simply asking in a forum will protect the data
    Friday, February 28, 2020 2:56 AM