TBD

Example

Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.

# define the arguments you want to submit to the method
# remove values that you do not want to submit
# make sure you replace values with meaningful content before running the code
# see section "Parameters" below for a description of each argument.
$arguments = @{
    ScanPath        = 'someText'  # replace 'someText' with meaningful text
    ScanType        = [UInt8](12345)  # replace 12345 with a meaningful value
}


Invoke-CimMethod -ClassName MSFT_MpScan -Namespace Root/Microsoft/Windows/Defender -MethodName Start -Arguments $arguments

To run this method on one or more remote systems, use New-CimSession:

$ComputerName = 'server12','server14'  # adjust to your server names
$Credential   = Get-Credential         # submit a user account with proper permissions

# define the arguments you want to submit to the method
# remove values that you do not want to submit
# make sure you replace values with meaningful content before running the code
# see section "Parameters" below for a description of each argument.
$arguments = @{
    ScanPath        = 'someText'  # replace 'someText' with meaningful text
    ScanType        = [UInt8](12345)  # replace 12345 with a meaningful value
}


$session = New-CimSession -ComputerName $ComputerName -Credential $Credential

Invoke-CimMethod -ClassName MSFT_MpScan -Namespace Root/Microsoft/Windows/Defender -MethodName Start -Arguments $arguments -CimSession $session

Remove-CimSession -CimSession $session

Learn more about Invoke-CimMethod and invoking WMI methods.

Syntax

uint32 Start(
  [in] uint8  ScanType,
  [in] string ScanPath
);

Parameters

Name Type Description
ScanPath String  
ScanType UInt8  

Return Value

Returns a value of type UInt32. Typically, a value of 0 indicates success.

Requirements

To use MSFT_MpScan, the following requirements apply:

PowerShell

Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.

If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.

Operating System

MSFT_MpScan was introduced on clients with Windows 8.1 [desktop apps only] and on servers with Windows Server 2012 R2 [desktop apps only].

Namespace

MSFT_MpScan lives in the Namespace Root/Microsoft/Windows/Defender. This is not the default namespace. Use parameter -Namespace root/microsoft/windows/defender with all CIM cmdlets..

Implementation

MSFT_MpScan is implemented in ProtectionManagement.dll and defined in ProtectionManagement.mof. Both files are located in the folder C:\Windows\system32\wbem:

explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\ProtectionManagement.mof