| title | description | ms.service | ms.localizationpriority | author | ms.author | ms.custom | ms.date | ms.reviewer | manager | ms.subservice | audience | ms.topic | ms.collection | search.appverid | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Configure Microsoft Defender Antivirus with WMI |
Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender for Endpoint. |
defender-endpoint |
medium |
siosulli |
siosulli |
nextgen |
10/18/2018 |
pahuijbr |
deniseb |
ngp |
ITPro |
how-to |
|
met150 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
Platforms
- Windows
Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings.
Read more about WMI at the Microsoft Developer Network System Administration library.
Microsoft Defender Antivirus has a number of specific WMI classes that can be used to perform most of the same functions as Group Policy and other management tools. Many of the classes are analogous to Defender for Cloud PowerShell cmdlets.
The MSDN Windows Defender WMIv2 Provider reference library lists the available WMI classes for Microsoft Defender Antivirus, and includes example scripts.
Changes made with WMI will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with WMI.
You can configure which settings can be overridden locally with local policy overrides.
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Tip
Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:
- Top paths that impact scan time
- Top files that impact scan time
- Top processes that impact scan time
- Top file extensions that impact scan time
- Combinations – for example:
- top files per extension
- top paths per extension
- top processes per path
- top scans per file
- top scans per file per process
You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See: Performance analyzer for Microsoft Defender Antivirus.