Defender

How to Check Windows Defender Status and Version with a Single PowerShell Script

Microsoft Defender Antivirus (formerly Windows Defender) is the built-in, essential security layer for modern Windows systems. As a system administrator or power user, you need a fast, reliable way to verify its operational status, check for the latest definition updates, and confirm key protection features are active.

While you could navigate through the GUI, PowerShell offers a much quicker, automatable solution.

The Defender Status Checker Script

The following PowerShell function, Get-DefenderStatusAndVersion, uses the native Get-MpComputerStatus cmdlet to retrieve a comprehensive security report on your machine.

Prerequisites

  • Operating System: Windows 8.1, Windows 10, Windows 11, or Windows Server 2016/2019/2022.
  • Permissions: You may need to run PowerShell with Administrator privileges to access all status details without error.

The PowerShell Script

Save the following code as Check-DefenderStatus.ps1.

PowerShell: Microsoft Defender Health Check 
<#
.SYNOPSIS
  Checks and displays the current status and version information for Microsoft Defender Antivirus.
#>
function Get-DefenderStatusAndVersion {
    if (-not (Get-Module -ListAvailable -Name 'Defender')) {
        Write-Error "The 'Defender' module is not found."
        return
    }

    Write-Host "--- Microsoft Defender Antivirus Status ---" -ForegroundColor Cyan

    # 1. Get Core Service Status
    try {
        $Service = Get-Service -Name 'WinDefend' -ErrorAction Stop
        Write-Host "Service Status (WinDefend): $($Service.Status)" -ForegroundColor Green
    }
    catch {
        Write-Error "Could not retrieve WinDefend service status."
    }

    # 2. Get detailed computer status and versions
    try {
        $MpStatus = Get-MpComputerStatus -ErrorAction Stop

        Write-Host "`n--- Version Information ---" -ForegroundColor Cyan
        Write-Host "Product Version: $($MpStatus.AMProductVersion)"
        Write-Host "Engine Version: $($MpStatus.AMEngineVersion)"
        Write-Host "Antivirus Signature: $($MpStatus.AntivirusSignatureVersion)"

        Write-Host "`n--- Protection Status ---" -ForegroundColor Cyan
        Write-Host "Antivirus Enabled: $($MpStatus.AntivirusEnabled)"
        Write-Host "Real-time Protection: $($MpStatus.RealTimeProtectionEnabled)"
        Write-Host "Tamper Protection: $($MpStatus.IsTamperProtected)"
    }
    catch {
        Write-Error "Failed to retrieve detailed status. Run as Administrator."
    }

    Write-Host "`n--- End Report ---" -ForegroundColor Cyan
}

Get-DefenderStatusAndVersion

Understanding the Key Output Fields

The script formats the output from Get-MpComputerStatus into easily digestible sections:

Output FieldDescriptionImportance
Service Status (WinDefend)The state of the core Microsoft Defender Antivirus service. Must be Running.Critical (If not running, the AV is offline.)
Product Version (AMProductVersion)The main version number of the Defender Antivirus client software itself.High (Indicates the core framework version.)
Engine Version (AMEngineVersion)The version of the scanning and detection engine.High (Newer engines offer better performance.)
Antivirus Signature (AntivirusSignatureVersion)The version of the malware definitions. This should be a very recent number.Critical (Needs to be current for threat detection.)
Real-time Protection (RealTimeProtectionEnabled)Indicates if file, registry, and program monitoring is actively running. Must be True.Critical
Behavior Monitoring (BehaviorMonitoringEnabled)Indicates if Defender is monitoring process behavior for suspicious activity (e.g., ransomware-like actions). Must be True.High
Tamper Protection (IsTamperProtected)Shows if security settings are locked down to prevent malicious apps from disabling Defender. Should be True.High (Prevents self-disablement attacks.)
Last Signature UpdateThe date and time the definitions were last updated. This should be within the last day or two.High (Indicates update health.)

Summary

This simple, reusable PowerShell script is an essential tool for quickly verifying the health and currency of your Windows Defender installation. Just save it, run it (as Administrator if possible), and instantly get a clear snapshot of your system’s core protection status.

Related Posts