Starts the Windows Defender Offline scan.
Example
Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
Invoke-CimMethod -ClassName MSFT_MpWDOScan -Namespace Root/Microsoft/Windows/Defender -MethodName Start
To run this method on one or more remote systems, use New-CimSession:
$ComputerName = 'server12','server14' # adjust to your server names
$Credential = Get-Credential # submit a user account with proper permissions
$session = New-CimSession -ComputerName $ComputerName -Credential $Credential
Invoke-CimMethod -ClassName MSFT_MpWDOScan -Namespace Root/Microsoft/Windows/Defender -MethodName Start -CimSession $session
Remove-CimSession -CimSession $session
Learn more about
Invoke-CimMethodand invoking WMI methods.
Syntax
uint32 Start();
Parameters
The method takes no arguments.
Return Value
Returns a value of type UInt32. Typically, a value of 0 indicates success.
Requirements
To use MSFT_MpWDOScan, the following requirements apply:
PowerShell
Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
MSFT_MpWDOScan was introduced on clients with Windows 10 [desktop apps only] and on servers with Windows Server 2016.
Namespace
MSFT_MpWDOScan lives in the Namespace Root/Microsoft/Windows/Defender. This is not the default namespace. Use parameter -Namespace root/microsoft/windows/defender with all CIM cmdlets..
Implementation
MSFT_MpWDOScan is implemented in ProtectionManagement.dll and defined in ProtectionManagement.mof. Both files are located in the folder C:\Windows\system32\wbem:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\ProtectionManagement.mof