Hello,
you should use Get-MpThreatDetection, this will not tell you the last scheduled scan result, but will give you the threats detected on the computer (even if it was detected by realtime scan for example)
Best regards
Lucas
way to get the results of the last scheduled scan
Teemo Tang
821
Reputation points
So with get-mpcomputerstatus (sample results below) is there any way to tell if the scheduled scan came back clean or if there were any infected files detected? I can see the last scheduled scan was 2/23/20, is there anyway to verify a clean result?
PS C:\> get-mpcomputerstatus
AMEngineVersion : 1.1.16800.2
AMProductVersion : 4.18.2001.7
AMServiceEnabled : True
AMServiceVersion : 4.18.2001.7
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 2/25/2020 6:59:23 AM
AntispywareSignatureVersion : 1.311.51.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 2/25/2020 6:59:23 AM
AntivirusSignatureVersion : 1.311.51.0
BehaviorMonitorEnabled : False
ComputerState : 0
FullScanAge : 2
FullScanEndTime : 2/23/2020 7:00:40 AM
FullScanStartTime : 2/23/2020 6:00:11 AM
IoavProtectionEnabled : True
IsTamperProtected : False
IsVirtualMachine : False
LastFullScanSource : 2
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : True
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanStartTime :
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
PS C:\>
PSComputerName :
Referring to question source: https://social.technet.microsoft.com/Forums/windows/en-US/3375edbf-6b3e-4ad7-91ec-359b6759094d/way-to-get-the-results-of-the-last-scheduled-scan?forum=win10itprosecurity
Windows for business | Windows Client for IT Pros | User experience | Other
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 31%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Lucas 266 Reputation points2020-04-04T21:03:51.793+00:00 -
Kiki Shi 531 Reputation points2020-03-02T06:57:18.42+00:00 Hi,
Welcome to our new Microsoft Q&A Platform.
Firstly, each of these properties provide you with information about the status of Windows Defender.
Let's take a look at some of them:
AMEngineVersion: version of the antimalware engine
NISEngineVersion: version of the network inspection system engine
AMServiceEnabled: activation of the antimalware service
AMProductVersion: antimalware client version
AMServiceVersion: antimalware service version
AntispywareEnabled: antispyware protection activation status
AntispywareSignatureLastUpdated: threat definitions' creation date
AntispywareSignatureVersion: antivirus signatures version
AntivirusSignatureVersion: antispyware signatures version
NISSignatureVersion: network inspection system signatures version
AntivirusEnabled: antivirus protection activation status
AntivirusSignatureLastUpdated: date and time of last update for the antivirus signatures
FullScanAge: number of days since the last system's full scan
FullScanEndTime: end date and time of the last full scan of the system
FullScanStartTime: start date and time of the last full scan of the system
NISEnabled: network inspection system activation status
NISSignatureLastUpdated: date and time of last update for the network inspection system's signatures
QuickScanAge: number of days since the last quick scan of the system
QuickScanEndTime: end date and time of the last quick scan of the system
QuickScanStartTime: start date and time of the last quick scan of the system
RealTimeProtectionEnabled: real-time protection activation status
Besides, if you want to verify a clean result, you could perform a system scan and there are two cmdlets that can be used to perform a system scan: Start-MpScan and Start-MpWDOScan.
More specific details please refer to the following Microsoft link:
Manage Windows Defender using PowerShell
Hope can help you.Have a nice day!
Kiki
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 8%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Aaron Roberts 0 Reputation points2026-06-10T14:39:17.6366667+00:00 So is it safe to say that if Get-MpThreatDetection returns nothing then no threats were detected? Just seems unintuitive that it wouldn't just say "X number of files scanned and 0 threats detected".
Sign in to comment -