The WMI namespace root/microsoft/windows/defender contains classes to manage the built-in Defender Anti-Virus and Threat-detection engine.
root/microsoft/windows/defender contains the following 10 classes:
The namespace root/microsoft/windows/defender contains many more classes that may serve internal purposes (link classes to define relationships, abstract classes that serve as a template for inherited classes, etc.). If you feel our documentation is missing an important class, please take the time and leave a comment at the bottom of this page.
This is an abstract class that shows the base status.
Represents the Defender base status. Module Defender ships with
Get-MpComputerStatus that essentially delivers the same information.
This class is used for event queries and returned when threat events fire. There are no instances of this class that can be queried by
Represents Defender preferences. Module Defender ships with
Remove-MpPreference which essentially manage the same information.
Starts a Defender threat scan. Module Defender ships with
Start-MpScan which essentially calls the method in this class.
Updates the Defender threat signatures. Module Defender ships with
Update-MpSignature which essentially calls the method of this class.
Represents the Microsoft Antimalware service infection status. Module Defender ships with
Remove-MpThreat which essentially manage the same information.
Represents the catalog of recognized threats. Module Defender ships with
Get-MpThreatCatalog that essentially delivers the same information.
This is a class that represents the current detailed state of a threat. For a detailed list of error codes, see Get-MpThreatDetection.
Windows Defender Offline Scan Class