News
New PowerShell Tools Assess Microsoft Defender Antivirus Performance
Microsoft on Tuesday announced new PowerShell 5.1 cmdlets for analyzing the scanning performance of the Microsoft Defender Antivirus service.
IT pros with administrator privileges can run a performance recording cmdlet (New-MpPerformanceRecording) to collect performance information about Microsoft Defender Antivirus scans. They next run a performance report cmdlet (Get-MpPerformanceReport) that provides analysis based on the scan information that was collected.
The performance analysis for Microsoft Defender Antivirus cmdlets are getting released "in early September," allowing IT pros to troubleshoot situations where anti-malware scans may be slowed down, perhaps. Microsoft explained that "there are times that scans can take a while to complete due to various factors such as environment configurations, longer processes, or unknown files."
The cmdlets involve very manual processes in getting reports. However, it is possible to export the data into files, such as JavaScript Object Notation (JSON) or comma-separated values (CSVs), for further use in other tools.
The data that can be displayed, according to a Microsoft document, include:
- Top files that impact scan time
- Top processes that impact scan time
- Top file extensions that impact scan time
- Combinations -- for example, top files per extension, top scans per file, top scans per file per process
To use the performance analysis for Microsoft Defender Antivirus PowerShell cmdlets, organizations need "Windows 10, Windows 11, and Windows Server 2016 and above." The Microsoft Defender Antivirus needs to be at version 4.18.2108.X or above. Surprisingly, the cmdlets are listed as just supported when using PowerShell 5.1.
While the PowerShell tools are said to be available in early September, they'll work with the Microsoft Defender August platform.
About the Author
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.