Query Installed Antivirus

# Using wmic 
wmic /namespace:\\root\securitycenter2 path antivirusproduct

# Using powershell WMI
Get-CimInstance -Namespace root/securitycenter2 -Class antivirusproduct

Windows Defender

Windows Defender is windows's preinstalled AntiVirus solution.
Works in 3 modes:
- Active: When Defender is the primary AV.
- Passive: When 3rd party AV is installed. Works partially.
- Disabled: When Defender is fully disabled or uninstalled.

# Check if Microsoft defender is running
Get-Service windefend

# Check what elements of defender is running 
Get-MpComputerStatus | select realtimeprotectionenabled

# Disable Realtime Monitoring
Set-MpPreference -disableRealtimeMonitoring $true

Last updated 11 months ago