Microsoft Defender for Endpoint (MDE), Common Actions

Summary

This article collects, in one place, the commands for the routine administrative tasks on Defender for Endpoint antivirus: checking protection status, reviewing detections, running scans, toggling real-time protection and forcing definition updates.

Requires a Microsoft Defender for Cloud Plan 1 or Plan 2 deployment on the subscription that contains the virtual machines.

Applies to: Windows and Linux Azure Virtual Machines. Does not apply to AKS clusters or virtual machine scale sets.

Windows

  • Get protection status: Get-MpComputerStatus
    Key fields: AMServiceEnabled, RealTimeProtectionEnabled, IsTamperProtected, AMRunningMode, AntivirusSignatureAge (days).
  • Get history of incidents (threat history): Get-MpThreat
  • Get history of protection (detection history): Get-MpThreatDetection
    Note. Get-MpThreat lists each threat that has been found on the computer (name, severity, category, whether it is still active); Get-MpThreatDetection lists each detection event (time, process, affected resources, action taken and whether it succeeded). The two share ThreatID, so they can be joined for a full picture.
  • Run full scan: Start-MpScan -ScanType FullScan
  • Get scan configuration details: Get-MpPreference
  • Disable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $true
    Caveat: this is blocked while tamper protection is on, and on policy-managed devices the setting can be re-applied immediately. Confirm the result with Get-MpComputerStatus rather than assuming it, and re-enable as soon as the maintenance is done.
  • Enable realtime protection: Set-MpPreference -DisableRealtimeMonitoring $false
  • Force update definitions: Update-MpSignature
  • Performance troubleshooting: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide
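The real-time protection toggle above is the one command in this list that lowers the host's defences, so here is a safe wrapper for it, added as an example (not code from the original page or from Microsoft). It refuses to proceed when tamper protection is on, verifies the state change instead of assuming it, always turns protection back on, then proves detection works again by dropping the EICAR test file and joins Get-MpThreat with Get-MpThreatDetection on ThreatID for a report. It assumes an elevated session with the Defender module (Windows 10 / Windows Server 2016 and later); the installer path in the usage comment and the scratch file name under $env:TEMP are placeholders.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Defender

function Invoke-WithRealtimeProtectionPaused {
    # Runs $Action with real-time protection off, and always restores it.
    param([Parameter(Mandatory)] [scriptblock] $Action)

    $status = Get-MpComputerStatus
    if (-not $status.AMServiceEnabled) { throw 'Defender antimalware service is not running.' }
    if ($status.IsTamperProtected) {
        # Tamper protection blocks Set-MpPreference from turning real-time protection off.
        throw 'Tamper protection is on; change it through the managing policy, not locally.'
    }
    $wasEnabled = $status.RealTimeProtectionEnabled
    if ($wasEnabled) {
        Set-MpPreference -DisableRealtimeMonitoring $true
        # Verify rather than assume: policy-managed devices can re-apply settings at once.
        if ((Get-MpComputerStatus).RealTimeProtectionEnabled) {
            throw 'Real-time protection is still on (likely enforced by policy); nothing was changed.'
        }
        Write-Warning "Real-time protection OFF on $env:COMPUTERNAME at $(Get-Date -Format o)"
    }
    try {
        & $Action
    }
    finally {
        if ($wasEnabled) {
            Set-MpPreference -DisableRealtimeMonitoring $false
            if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
                Write-Error 'Real-time protection did NOT come back on; investigate before leaving this host.'
            } else {
                Write-Warning "Real-time protection ON again at $(Get-Date -Format o)"
            }
        }
    }
}

function Test-MdeRealtimeDetection {
    # Drops the EICAR test file and returns $true once Defender logs a detection for it.
    param(
        [string] $Path = (Join-Path $env:TEMP 'mde-eicar-test.com'),   # assumed scratch location
        [int] $TimeoutSeconds = 60
    )
    # EICAR test string, split in two so this script is not itself quarantined when saved.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    $start = (Get-Date).AddSeconds(-1)
    try { [System.IO.File]::WriteAllText($Path, $eicar) }
    catch { Write-Verbose "Write was blocked: $_" }   # on-access block; the poll below confirms it
    $deadline = $start.AddSeconds($TimeoutSeconds)
    do {
        $hit = Get-MpThreatDetection | Where-Object {
            $_.InitialDetectionTime -ge $start -and ($_.Resources -match [regex]::Escape($Path))
        }
        if ($hit) { return $true }
        Start-Sleep -Seconds 2
    } while ((Get-Date) -lt $deadline)
    Remove-Item -Path $Path -Force -ErrorAction SilentlyContinue   # not detected: clean up ourselves
    return $false
}

function Get-MdeDetectionReport {
    # Joins detection events (Get-MpThreatDetection) to threat details (Get-MpThreat) on ThreatID.
    param([int] $Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    $threats = @{}
    Get-MpThreat | ForEach-Object { $threats[[string]$_.ThreatID] = $_ }
    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        ForEach-Object {
            $t = $threats[[string]$_.ThreatID]
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $t.ThreatName
                Severity  = $t.SeverityID
                Active    = $t.IsActive
                Process   = $_.ProcessName
                Resources = ($_.Resources -join '; ')
                Succeeded = $_.ActionSuccess
                StatusID  = $_.ThreatStatusID
            }
        } | Sort-Object Detected -Descending
}

# Example usage in an elevated session (C:\Maintenance\install.exe is a placeholder):
# Invoke-WithRealtimeProtectionPaused -Action { & 'C:\Maintenance\install.exe' /quiet }
# Test-MdeRealtimeDetection            # $true once the EICAR drop is caught and logged
# Get-MdeDetectionReport -Days 7 | Format-Table -AutoSize
```

The wrapper deliberately checks Get-MpComputerStatus after each Set-MpPreference call: on a device managed by Intune or a Defender security policy the cmdlet can appear to succeed while the effective setting is unchanged, and the only reliable signal is the reported state. The EICAR check afterwards is what turns "the command returned" into "protection is actually back".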

Linux

  • Get protection status: mdatp health
    Key fields: healthy, licensed, real_time_protection_enabled, passive_mode_enabled, definitions_status.
  • Get the history of incidents: mdatp threat list
  • Run full scan: mdatp scan full
  • Advanced topics and performance diag: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/comprehensive-guidance-on-linux-deployment?view=o365-worldwide
  • Force update definitions: mdatp definitions update
  • Generate a test detection with the EICAR test file (a harmless, standard test string, not a real false positive): wget "https://secure.eicar.org/eicar.com.txt"
    With real-time protection on, the downloaded file is quarantined and shows up in mdatp threat list; if it stays on disk, real-time protection is off or the agent is in passive mode (check mdatp health).