1

I'm currently writing a script to use Windows Defender for scanning various files. I've read the documentation on Microsoft Docs - StartMpScan, however I am running into an issue when attempting to scan a single file or folder.

Documentation dictates that I use -ScanPath to indicate a selective scan, so it would look like this;

Start-MpScan -ScanPath "C:\Path\To\File\or\Folder"

However, when I run the scan it can take upwards of 5-10 minutes to scan a single 1kb file, or folder with a few 1kb files inside! This the case even when using a quickscan. I figured something was wrong with this so I tried using the right-click context option on one of these files to "Scan with Windows Defender..." and each time it was almost instantaneously scanned.

These are my current specs:

OS: Windows 10 Educational

OS Version: 1903

OS Build: 18362.476

Powershell Version: 6.2.3

Am I missing something in my syntax or am I just not that bright?

Community
  • 1
  • 1
Hebon
  • 195
  • 1
  • 1
  • 6

1 Answers1

1

From my reading of the (pretty poor) documentation, -QuickScan doesn't just scan that path, it does a scan of StartUp and other System items too.

I think the option you need is -CustomScan - seems to work a lot faster on my PC.

Scepticalist
  • 3,737
  • 1
  • 13
  • 30
  • This was it. I'm surprised that passing the argument of -ScanPath doesn't automatically change the scan range. But knowing this has helped a lot. Thank you. – Hebon Nov 15 '19 at 18:26
  • It seems similar to the actual UI in Settings...to scan single files or folders, your have to click Custom Scan radio button, then navigate/select your subset. In the Cmdlet's case, you specify the -ScanType parameter for MpScan to be 'CustomScan', then reference the file(s) or Folder in '-ScanPath' – BentChainRing Oct 28 '21 at 20:41