0

On a Windows 10 machine, I have been trying to set the time of virus scans using the following PowerShell commands.

Set-MpPreference -ScanParameters FullScan
Set-MpPreference -ScanScheduleDay Monday
Set-MpPreference -ScanScheduleTime (Get-Date 20:00)
Set-MpPreference -ScanOnlyIfIdleEnabled 0

Set-MpPreference -ScanScheduleQuickScanTime (Get-Date 10:00)

However, Windows Defender doesn't seem to obey any of my instructions. Looking on the Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational, I see that Windows has been doing quick scans, but not at the time I specified. Sometimes later, sometimes earlier. Also it has not done a single full scan since I ran this script.

enter image description here

What's more, after running this script, it seems that my "Windows Defender Scheduled Scan" task in Task Scheduler was deleted. I expected that the Mp-Preference code would modify this scheduled scan task, not delete it.

Has anyone else found that Set-MpPreference also doesn't work for them? Or can anyone confirm that it does work for them? If so, did you have to do anything to make it work? Thanks.

JosefZ
  • 1,514
  • 1
  • 10
  • 18
Philip
  • 63
  • 4
  • I don't understand why this question was downvoted. Was it because the code was not formatted at first? It is now. – Philip Jun 06 '22 at 05:29
  • 1
    Probably because the question is better suited for [su]. Some people rather vote down than to close for off topic questions. – Gerald Schneider Jun 06 '22 at 05:46
  • I see, thanks. However, I believe that Super User is for individuals and Server Fault is for IT professionals managing many computers, and I am actually trying to use this script on many computers. – Philip Jun 06 '22 at 07:20
  • In that case, you would probably be better off to set the configuration via group policy. That would also definitely be on topic. – Gerald Schneider Jun 06 '22 at 10:21

1 Answers1

2

According to the documentation for the Set-MpPreference cmdlet, the -ScanScheduleTime parameter:

Specifies the time of day, as the number of minutes after midnight, to perform a scheduled scan.

On my system, your input to that parameter gives:

PS> Get-Date 20:00

06 June 2022 20:00:00

It's therefore possible that schedules the run to only be on this particular day, or does something undefined. So perhaps try something like:

Set-MpPreference -ScanScheduleTime (New-TimeSpan -Hours 20).TotalMinutes

I would also point out however that the -ScanScheduleTime parameter only appears in the documentation for Windows Server 2022 - not in the one for Windows 10. Since it's not complaining of an unknown parameter it's likely still there, but that's something to keep in mind.

Argy Megalios
  • 136
  • 3
  • 2
    Thank you so much sir. Your tips helped me get it solved. ScanScheduleQuickScanTime takes a DateTime, but ScanScheduleTime takes an int, as you pointed out. And you were right, ScanScheduleTime should not be used in Windows 10, instead there is a parameter called ScanScheduleOffset that takes an int. Also I had to set RandomizeScheduleTaskTimes to $false. – Philip Jun 08 '22 at 01:46