0

If Windows Defender is disabled, can you later (through a script) enable it, run a scan and then disable it via a PowerShell script that is invoked as part of the scheduler?

If this is possible then figuring out a way to email problems will be the next hurdle.

This is within a Windows 2016 server environment.

D-Klotz

1 Answer

2

Yes, this should be possible with PowerShell on Windows Server 2016.

Commands obtained from TechNet (https://technet.microsoft.com/en-us/library/dn433280(v=wps.630).aspx)

Please see the below.

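# Turn real-time monitoring back on before scanning
Set-MpPreference -DisableRealtimeMonitoring $false
Start-MpScan -ScanType FullScan
# Get-MpThreat returns nothing when no threats are recorded, so test it
# before converting (ConvertTo-Html emits a page even for empty input)
$Threats = Get-MpThreat
If ($Threats) {
    # ConvertTo-Html returns an array of lines; -Body needs a single string
    $Report = $Threats | ConvertTo-Html | Out-String
    Send-MailMessage -From '<SenderAddress>' -To '<RecipientAddress>' -SmtpServer '<SMTPServer>' -Subject "Defender Report" -Body $Report -BodyAsHtml
}
# Return Defender to the disabled state the question starts from
Set-MpPreference -DisableRealtimeMonitoring $true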

I can confirm that the scan works and the real-time monitoring gets disabled; however, as my WS2016 environment is clean, I am unable to test the report.

This can be saved as a ps1 file and used in Task Scheduler.

One thing that could have an impact is that other anti-virus suites disable Defender and prevent it from being enabled, ESET being an example.

Hopefully this helps.

CraftyB
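A more defensive variant of the script in the answer above, added here as an example and not the answerer's code: it restores whatever real-time setting it found even if the scan fails, checks that Defender really came on (the third-party anti-virus caveat), and mails failures as well as detections. The mail addresses and SMTP server are placeholders to replace.

```powershell
# Added example. The three mail values below are placeholders (assumptions).
$Mail = @{
    From       = 'defender@example.invalid'
    To         = 'admin@example.invalid'
    SmtpServer = 'smtp.example.invalid'
}
$ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions for try/catch

# Remember the current setting so the server is left exactly as it was found.
$wasDisabled = (Get-MpPreference).DisableRealtimeMonitoring

try {
    Set-MpPreference -DisableRealtimeMonitoring $false

    # Another anti-virus suite can keep Defender off; confirm the change took effect.
    $status = Get-MpComputerStatus
    if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
        throw 'Defender could not be enabled (is another anti-virus product installed?).'
    }

    Update-MpSignature               # scan with current definitions
    Start-MpScan -ScanType FullScan  # runs synchronously unless -AsJob is given

    $threats = Get-MpThreat
    if ($threats) {
        # Resources is a string array; join it so the HTML table shows the paths.
        $body = $threats |
            Select-Object ThreatName, SeverityID, IsActive,
                @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
            ConvertTo-Html -Title 'Defender Report' |
            Out-String
        Send-MailMessage @Mail -Subject "Defender Report: $env:COMPUTERNAME" -Body $body -BodyAsHtml
    }
}
catch {
    # Report failures too, so a scheduled task cannot silently skip the scan.
    Send-MailMessage @Mail -Subject "Defender scan FAILED: $env:COMPUTERNAME" -Body "$_"
}
finally {
    # Runs on success and on failure: put the real-time setting back.
    Set-MpPreference -DisableRealtimeMonitoring $wasDisabled
}
```

The scheduled task that runs this needs administrative rights, because `Set-MpPreference` requires elevation.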