You can manage some Microsoft Defender Antivirus settings on devices with PowerShell, Windows Management Instrumentation (WMI), and the Microsoft Malware Protection Command Line Utility (MPCmdRun.exe). In some cases, you can also customize your attack surface reduction rules and exploit protection settings.


Threat protection features that you configure by using PowerShell, WMI, or MPCmdRun.exe can be overwritten by configuration settings that are deployed with Intune or Configuration Manager.

Configure Microsoft Defender for Endpoint with PowerShell

You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules.

Task Resources to learn more
Manage Microsoft Defender Antivirus

View status of antimalware protection, configure preferences for antivirus scans & updates, and make other changes to your antivirus protection.

Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus

Use PowerShell cmdlets to enable cloud-delivered protection

Configure exploit protection to mitigate threats on your organization’s devices

We recommend using exploit protection in audit mode at first. That way, you can see how exploit protection affects apps your organization is using.

Customize exploit protection

PowerShell cmdlets for exploit protection

Configure attack surface reduction rules with PowerShell

You can use PowerShell to exclude files and folders from attack surface reduction rules.

Customize attack surface reduction rules: Use PowerShell to exclude files & folders

Also, see António Vasconcelo’s graphical user interface tool for setting attack surface reduction rules with PowerShell.

Enable Network Protection with PowerShell

You can use PowerShell to enable Network Protection.

Turn on Network Protection with PowerShell
Configure controlled folder access to protect against ransomware

Controlled folder access is also referred to as antiransomware protection.

Enable controlled folder access with PowerShell
Configure Microsoft Defender Firewall to block unauthorized network traffic flowing into or out of your organization’s devices

Microsoft Defender Firewall with Advanced Security Administration using Windows PowerShell
Configure encryption and BitLocker to protect information on your organization’s devices running Windows

BitLocker PowerShell reference guide
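
The tasks above, combined into one pass: an added example (not taken from Microsoft's documentation) that applies audit-mode settings with the Defender cmdlets and then reads them back, because a value overwritten by Intune or Configuration Manager shows up as a mismatch. The exclusion path is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: apply audit-mode settings, then verify what is actually in effect.

# Numeric values Get-MpPreference reports for these two settings.
$modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

# Desired state: audit first, so you can see the impact on apps before enforcing.
$desired = @{
    EnableNetworkProtection      = 'AuditMode'
    EnableControlledFolderAccess = 'AuditMode'
}

# Hypothetical folder, for illustration only; exclude only paths you have vetted.
$asrExclusion = 'C:\ExampleApp\bin'

Set-MpPreference -EnableNetworkProtection AuditMode
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -AttackSurfaceReductionOnlyExclusions $asrExclusion

# Read back the effective configuration and the engine status.
$prefs  = Get-MpPreference
$status = Get-MpComputerStatus

$report = foreach ($name in $desired.Keys) {
    $effective = $modeNames[[int]$prefs.$name]
    [pscustomobject]@{
        Setting   = $name
        Desired   = $desired[$name]
        Effective = $effective
        Matches   = ($effective -eq $desired[$name])
    }
}
$report | Format-Table -AutoSize

# Confirm the ASR exclusion was recorded.
if ($prefs.AttackSurfaceReductionOnlyExclusions -notcontains $asrExclusion) {
    Write-Warning "ASR exclusion '$asrExclusion' is not in the effective preferences."
}

# A mismatch usually means a management tool deployed a different value.
if ($report | Where-Object { -not $_.Matches }) {
    Write-Warning 'Local settings differ from the requested values; check Intune or Configuration Manager policy.'
}

# Basic health check of the antivirus engine itself.
$status | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
```

Run the read-back section again after the next policy refresh; a setting that matched immediately after `Set-MpPreference` can still be replaced once managed policy is reapplied.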

Configure Microsoft Defender for Endpoint with Windows Management Instrumentation (WMI)

WMI is a scripting interface that allows you to retrieve, modify, and update settings. To learn more, see Using WMI.

Task Resources to learn more
Enable cloud-delivered protection on a device

Use Windows Management Instrumentation (WMI) to enable cloud-delivered protection
Retrieve, modify, and update settings for Microsoft Defender Antivirus

Use WMI to configure and manage Microsoft Defender Antivirus

Review the list of available WMI classes and example scripts

Also see the archived Windows Defender WMIv2 Provider reference information

Configure Microsoft Defender for Endpoint with Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe)

On an individual device, you can run a scan, start diagnostic tracing, check for security intelligence updates, and more using the mpcmdrun.exe command-line tool. You can find the utility in %ProgramFiles%\Windows Defender\MpCmdRun.exe. Run it from a command prompt.

To learn more, see Configure and manage Microsoft Defender Antivirus with mpcmdrun.exe.

Configure your Microsoft 365 Defender portal

If you haven’t already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization’s overall security posture.

You can also configure whether and what features end users can see in the Microsoft Defender Security Center.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
