# Namespace root/microsoft/windows/defender

The WMI namespace root/microsoft/windows/defender contains classes to manage the built-in Defender Anti-Virus and Threat-detection engine.

The WMI namespace root/microsoft/windows/defender contains classes to manage the built-in Defender Anti-Virus and Threat-detection engine.

root/microsoft/windows/defender contains the following 10 classes:

The namespace root/microsoft/windows/defender contains many more classes that may serve internal purposes (link classes to define relationships, abstract classes that serve as a template for inherited classes, etc.). If you feel our documentation is missing an important class, please take the time and leave a comment at the bottom of this page.

### BaseStatus

This is an abstract class that shows the base status.

### MSFT_MpComputerStatus

Represents the Defender base status. Module Defender ships with Get-MpComputerStatus that essentially delivers the same information.

### MSFT_MpEvent

This class is used for event queries and returned when threat events fire. There are no instances of this class that can be queried by Get-CimInstance.

### MSFT_MpPreference

Represents Defender preferences. Module Defender ships with Get-MpPreference, Add-MpPreference, Set-MpPreference and Remove-MpPreference which essentially manage the same information.

### MSFT_MpScan

Starts a Defender threat scan. Module Defender ships with Start-MpScan which essentially calls the method in this class.

### MSFT_MpSignature

Updates the Defender threat signatures. Module Defender ships with Update-MpSignature which essentially calls the method of this class.

### MSFT_MpThreat

Represents the Microsoft Antimalware service infection status. Module Defender ships with Get-MpThreat and Remove-MpThreat which essentially manage the same information.

### MSFT_MpThreatCatalog

Represents the catalog of recognized threats. Module Defender ships with Get-MpThreatCatalog that essentially delivers the same information.

### MSFT_MpThreatDetection

This is a class that represents the current detailed state of a threat. For a detailed list of error codes, see Get-MpThreatDetection.

### MSFT_MpWDOScan

Windows Defender Offline Scan Class