Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes how to configure scheduled scans using PowerShell cmdlets. To learn more about scheduling scans and about scan types, see About scheduled quick or full Microsoft Defender Antivirus scans.
Prerequsites
Supported operating systems
- Windows
- Windows Server
Use PowerShell cmdlets for scheduling daily quick scans
Use the following cmdlets:
Set-MpPreference -ScanScheduleQuickScanTime
Note
The time value is represented as the number of minutes past midnights (00:00 or 12:00 a.m.), For example, 120 is equivalent to 2:00 AM. The schedule is based on local time on the device where the scan is executing.
To set a daily quick scan run on the Windows clients at 12:00 PM. (720). In this example, we use lunch time, since many devices nowadays are turned off after-hours (For example, laptops and/or tablets).
Set-MpPreference -ScanScheduleQuickScanTime 720
To disable the daily quick scan, set this value to 0
Set-MpPreference -ScanScheduleQuickScanTime 0
Use PowerShell cmdlets to scheduling weekly quick or full scans
Use the following cmdlets:
Set-MpPreference -ScanParameters
Set-MpPreference -ScanScheduleDay
Set-MpPreference -ScanScheduleOffset
Tip
We recommend using the ScanScheduleOffset instead of ScanScheduleTime.
-ScanParameters, specifies the scan type to use during a scheduled scan. The acceptable values for this parameter are:
1: Quick scan
2: Full scan
-ScanScheduleDay
Specifies the day of the week on which to perform a scheduled scan. Alternatively, specify everyday for a scheduled scan or never. The acceptable values for this parameter are:
0: Everyday
1: Sunday
2: Monday
3: Tuesday
4: Wednesday
5: Thursday
6: Friday
7: Saturday
8: Never
The default value is 8, never. If you specify a value of 8 or don't specify a value, Windows Defender doesn't perform scheduled scans.
-ScanScheduleOffset
This setting allows you to configure the number of minutes after midnight to perform a scheduled scan. The local time on the endpoint is used to determine when the scan occurs. If you enable this setting, the scheduled scan runs at the specified time. If you disable or don't enable this setting, the scheduled scan will default to running two hours (120 minutes) after midnight.
For example, setting the weekly scheduled scan for a quick scan, that runs every Wednesday at 12:00 PM (lunch time)
Set-MpPreference -ScanParameters 1
Set-MpPreference -ScanScheduleDay 4
Set-MpPreference -ScanScheduleOffset 720
Tip
We recommend setting the scheduled scans for a quick scan with Real-Time Protection enabled, Cloud Protection enabled and having the network connectivity to the Cloud Protection backend.
Use PowerShell cmdlets to set the general settings for Scheduled scan
| Description | Setting | PowerShell cmdlet |
|---|---|---|
| Check for Security Intelligence Updates Before Running Scan | Disabled/Not configured (Default) | Set-MpPreference -CheckForSignaturesBeforeRunningScan Boolean For example: Set-MpPreference -CheckForSignaturesBeforeRunningScan $False |
| Check for Security Intelligence Updates Before Running Scan | Disabled/Not configured (Default) | Set-MpPreference -CheckForSignaturesBeforeRunningScan Boolean For example: Set-MpPreference -CheckForSignaturesBeforeRunningScan $False |
| Randomize Schedule Task Times | Disabled/Not configured (Default) | Set-MpPreference -RandomizeScheduleTaskTimes Boolean Example for physical devices: Set-MpPreference -RandomizeScheduleTaskTimes $False Example for Virtual Machines (VMs) or Virtual Desktop Infrastructure (VDIs) or Azure Virtual Desktop (AVD): Set-MpPreference -RandomizeScheduleTaskTimes $True Note: The default randomization time is within an interval of 30 minutes after the specified start time, if the "Scheduler Randomization Time" is also not configured. Note 2: Applies to scheduled scans. |
| Scheduler Randomization Time | 0/Not Configured (Default, Scheduled tasks aren't randomized) | Set-MpPreference -SchedulerRandomizationTime UInt32 For example: Set-MpPreference -SchedulerRandomizationTime 1 Note: If Randomize Schedule Task Times is "Not configured" and "Randomize Schedule Task Times" is also set to "Not configured," then the system will use the default behavior within an interval of 30 minutes after the specific start time. Note: If you enable this setting, you must pick a randomization window in hours between 1 and 23. Note 2: Applies to scheduled scans. |
| Avg CPU Load Factor | 50/Not Configured (Default) | Set-MpPreference -ScanAvgCPULoadFactor Byte For example: Set-MpPreference -ScanAvgCPULoadFactor 50 Note: The default value is 50. The acceptable values are 5 through 100. Note 2: The lower you set it, the longer the scan takes. Note 3: If both ScanOnlyIfIdleEnabled and DisableCpuThrottleOnIdleScans are both enabled, then the value of ScanAvgCPULoadFactor is ignored. |
| Start the scheduled scan only when device is on but not in use | True/Not Configured (Default) | Set-MpPreference -ScanOnlyIfIdleEnabled Boolean For example: Set-MpPreference -ScanOnlyIfIdleEnabled $True Note: Applies to scheduled scans. |
| Disable CPU throttle on idle scans | Enabled/Not Configured (Default) | Set-MpPreference -DisableCpuThrottleOnIdleScans Boolean For example: Set-MpPreference -DisableCpuThrottleOnIdleScans $True Idle here means 90% of CPU utilization or below |
| Enable Low CPU Priority | Disabled/Not Configured (Default) | Set-MpPreference -EnableLowCpuPriority Boolean For example: Set-MpPreference -EnableLowCpuPriority $False |
| Disable Catchup Full Scan | Disabled/Not Configured (Default) | Set-MpPreference -DisableCatchupFullScan Boolean For example: Set-MpPreference -DisableCatchupFullScan $True |
| Disable Catchup Quick Scan | Disabled/Not Configured (Default) | Set-MpPreference -DisableCatchupQuickScan Boolean For example: Set-MpPreference -DisableCatchupQuickScan $True |
| Enable full scan on battery power | Disabled/Not Configured (Default) | Set-MpPreference -EnableFullScanOnBatteryPower Boolean For example: Set-MpPreference -EnableFullScanOnBatteryPower $False |
For more information, see Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender Antivirus cmdlets.
PowerShell cmdlets for scheduling scans to complete remediation
Use the following cmdlets:
Set-MpPreference -RemediationScheduleDay
Set-MpPreference -RemediationScheduleTime
See also
Troubleshoot Microsoft Defender Antivirus scan issues
Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus
Set the PowerShell cmdlet to configure and manage Microsoft Defender Antivirus
Defender Antivirus specific PowerShell functions
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.