Get-MpThreatDetection

Applies To: Windows 10 Technical Preview, Windows Server Technical Preview

Get-MpThreatDetection

Gets active and past malware threats that Windows Defender detected.

Syntax

Parameter Set: DefaultSet
Get-MpThreatDetection [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}[] ] [-InformationVariable <System.String[]> ] [ <CommonParameters>] [ <WorkflowParameters>]

Parameter Set: ById
Get-MpThreatDetection [-CimSession <CimSession[]> ] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}[] ] [-InformationVariable <System.String[]> ] [-ThreatID <Int64[]> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>] [ <WorkflowParameters>]




Detailed Description

The Get-MpThreatDetection cmdlet gets active and past malware threats that Windows Defender detected on the computer. If Windows Defender has detected the threat that you specify, this cmdlet returns a list that shows each time Windows Defender detected the threat.

Parameters

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-InformationAction<System.Management.Automation.ActionPreference[]>

Aliases

infa

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-InformationVariable<System.String[]>

Aliases

iv

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ThreatID<Int64[]>

Specifies an array of threat IDs. This cmdlet gets the threats that you specify.


Aliases

ID

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (http://go.microsoft.com/fwlink/p/?LinkID=113216).

<WorkflowParameters>

This cmdlet supports the following workflow common parameters: -PSParameterCollection, -PSComputerName, -PSCredential, -PSConnectionRetryCount, -PSConnectionRetryIntervalSec, -PSRunningTimeoutSec, -PSElapsedTimeoutSec, -PSPersist, -PSAuthentication, -PSAuthenticationLevel, -PSApplicationName, -PSPort, -PSUseSSL, -PSConfigurationName, -PSConnectionURI, -PSAllowRedirection, -PSSessionOption, -PSCertificateThumbprint, -PSPrivateMetadata, -AsJob, -JobName, and –InputObject. For more information, see    about_WorkflowCommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Get threats that Windows Defender detected

This command returns the list of past malware detections for the local computer.


PS C:\> Get-MpThreatDetection

Related topics

Community Additions

ADD
Show: