Namespace root/microsoft/windows/defender

The WMI namespace root/microsoft/windows/defender contains classes to manage the built-in Defender Anti-Virus and Threat-detection engine.

The WMI namespace root/microsoft/windows/defender contains classes to manage the built-in Defender Anti-Virus and Threat-detection engine.

root/microsoft/windows/defender contains the following 10 classes:

The namespace root/microsoft/windows/defender contains many more classes that may serve internal purposes (link classes to define relationships, abstract classes that serve as a template for inherited classes, etc.). If you feel our documentation is missing an important class, please take the time and leave a comment at the bottom of this page.

BaseStatus

PROPERTIES: 0

This is an abstract class that shows the base status.

MSFT_MpComputerStatus

PROPERTIES: 32

Represents the Defender base status. Module Defender ships with Get-MpComputerStatus that essentially delivers the same information.

MSFT_MpEvent

PROPERTIES: 7

This class is used for event queries and returned when threat events fire. There are no instances of this class that can be queried by Get-CimInstance.

MSFT_MpPreference

PROPERTIES: 54 METHODS: 3

Represents Defender preferences. Module Defender ships with Get-MpPreference, Add-MpPreference, Set-MpPreference and Remove-MpPreference which essentially manage the same information.

MSFT_MpScan

PROPERTIES: 0 METHODS: 1

Starts a Defender threat scan. Module Defender ships with Start-MpScan which essentially calls the method in this class.

MSFT_MpSignature

PROPERTIES: 0 METHODS: 1

Updates the Defender threat signatures. Module Defender ships with Update-MpSignature which essentially calls the method of this class.

MSFT_MpThreat

PROPERTIES: 10 METHODS: 1

Represents the Microsoft Antimalware service infection status. Module Defender ships with Get-MpThreat and Remove-MpThreat which essentially manage the same information.

MSFT_MpThreatCatalog

PROPERTIES: 5

Represents the catalog of recognized threats. Module Defender ships with Get-MpThreatCatalog that essentially delivers the same information.

MSFT_MpThreatDetection

PROPERTIES: 16

This is a class that represents the current detailed state of a threat. For a detailed list of error codes, see Get-MpThreatDetection.

MSFT_MpWDOScan

PROPERTIES: 0 METHODS: 1

Windows Defender Offline Scan Class