I’m trying to script Windows Defender to make a custom scan on a path and want to find out what actions it made.
So, the hypothesis is to run Start-MpScan, wait for the job to finish and then use Get-MpThreatDetection to find out what happened. But I don’t seem to be able to get all the actions taken as I would kind of expect. In particular, files that are quarantined don’t generally show up, and I don’t quite understand why.
The files are shown in Windows Defender as quarantined, so it’s obviously possible to get the information, but it seems not to be easily accessible from PS.
Any thoughts? Would be most appreciated.
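The procedure described in the question, written out as an added example (not code from the original post): a custom scan followed by a read of the detection records for the scanned path. `$ScanPath` is a hypothetical placeholder, and the query of the Defender operational event log (event 1116, detection, and 1117, action taken) is an added second record to compare against, not something the post mentions.

```powershell
# Added example. Run in an elevated PowerShell session.
# $ScanPath is a hypothetical placeholder, not a path from the post.
$ScanPath  = 'C:\Temp\ScanTarget'
$ScanStart = Get-Date

# Without -AsJob, Start-MpScan returns once the scan has finished.
Start-MpScan -ScanType CustomScan -ScanPath $ScanPath

# Threat catalogue, used to turn a ThreatID into a readable name.
$names = @{}
Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

# Case-insensitive test: does the text mention the scanned path?
function Test-UnderScanPath([string]$Text) {
    $Text.IndexOf($ScanPath, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# Detection records whose resources fall under the scanned path.
# No time filter here: a record for a file Defender had seen earlier
# keeps its original InitialDetectionTime.
$detections = Get-MpThreatDetection |
    Where-Object { Test-UnderScanPath ($_.Resources -join ';') } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, LastThreatStatusChangeTime, ThreatID,
        @{ n = 'ThreatName'; e = { $names[[string]$_.ThreatID] } },
        ThreatStatusID, CleaningActionID, ActionSuccess, Resources

# Second record of the same scan: Defender's operational event log.
# 1116 = threat detected, 1117 = action taken on a threat.
$events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = $ScanStart
    } -ErrorAction SilentlyContinue |
    Where-Object { Test-UnderScanPath $_.Message } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message

# Show both views so gaps between them are visible.
$detections | Format-List
$events     | Format-List
```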