On Windows, PowerShell comes with cmdlets to automate the built-in antivirus engine “Defender”. In this second part, let’s take a look at how you find out the antivirus settings that are active on your machine:
As you see from the results, a few settings are protected and need Administrator privileges to query.
If you’d like to change AV settings, simply use the Set verb: Set-MpPreference.
Of course you can trim the returned information to answer specific questions using Select-Object, but what if you’d like to filter the properties based on their values? Let’s say you need a list of all features that are currently turned off.
Filtering Properties Using PSObject
Here’s a clever approach that uses the underlying PSObject to list the names of all properties, then filters them based on their value:
Since the approach above can filter on any property value, you can easily adjust it, e.g. to dump only properties that contain a [byte] value below 500:
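A reusable version of that PSObject trick, written here as an added example (it is not code from the original post): Select-PropertyByValue is a name chosen for this example, and it assumes a Windows host where Get-MpPreference is available (some of its values only show up in an elevated shell).

```powershell
# Added example: list the properties of any object whose values satisfy a
# filter script block, by walking the hidden PSObject wrapper.
function Select-PropertyByValue {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject,

        # Script block evaluated once per property; $_ is the property value
        [Parameter(Mandatory)]
        [scriptblock]$Filter
    )
    process {
        # PSObject.Properties exposes every property together with its name and value
        $InputObject.PSObject.Properties |
            Where-Object {
                $value = $_.Value
                # -InputObject hands the whole value to the filter (arrays are not unrolled)
                $null -ne $value -and [bool](ForEach-Object -InputObject $value -Process $Filter)
            } |
            Select-Object Name, Value
    }
}

# Snapshot of the Defender preferences active on this machine
$prefs = Get-MpPreference

# 1) Features that are currently turned off: boolean properties holding $false
$prefs | Select-PropertyByValue -Filter { $_ -is [bool] -and $_ -eq $false }

# 2) Numeric settings stored as [byte] with a value below 500, as in the text above
$prefs | Select-PropertyByValue -Filter { $_ -is [byte] -and $_ -lt 500 }
```

Because the filter is a script block, the same function also works on the output of Get-MpComputerStatus or any other object, not only on Get-MpPreference.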
PS C:\> Get-Command -Module ConfigDefender

CommandType Name                    Version Source
----------- ----                    ------- ------
Function    Add-MpPreference        1.0     ConfigDefender
Function    Get-MpComputerStatus    1.0     ConfigDefender
Function    Get-MpPreference        1.0     ConfigDefender
Function    Get-MpThreat            1.0     ConfigDefender
Function    Get-MpThreatCatalog     1.0     ConfigDefender
Function    Get-MpThreatDetection   1.0     ConfigDefender
Function    Remove-MpPreference     1.0     ConfigDefender
Function    Remove-MpThreat         1.0     ConfigDefender
Function    Set-MpPreference        1.0     ConfigDefender
Function    Start-MpRollback        1.0     ConfigDefender
Function    Start-MpScan            1.0     ConfigDefender
Function    Start-MpWDOScan         1.0     ConfigDefender
Function    Update-MpSignature      1.0     ConfigDefender