Test-MtMdeRealtimeMonitoring
SYNOPSIS
Checks if real-time monitoring is enabled in Microsoft Defender Antivirus policies
SYNTAX
Test-MtMdeRealtimeMonitoring [[-ComplianceLogic] <String>] [[-PolicyFiltering] <String>]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
DESCRIPTION
Verifies that real-time monitoring, a core protection function, is enabled. When real-time monitoring is disabled, malware can execute without immediate detection.
EXAMPLES
EXAMPLE 1
Test-MtMdeRealtimeMonitoring
Returns true if all assigned Defender AV policies have real-time monitoring enabled.
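An added example, not part of the Maester documentation or code base: it combines the -ComplianceLogic and -PolicyFiltering values described under PARAMETERS to tell a fully compliant tenant from a mixed one. The helper name Get-RealtimeMonitoringPosture is hypothetical, and the script assumes the Maester module is imported and Connect-Maester has already been run.

```powershell
# Added example, not Maester project code.
# Assumption: Maester is imported and Connect-Maester has already been run.
function Get-RealtimeMonitoringPosture {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # Strict (the defaults): every assigned policy must be compliant.
    $allAssigned = Test-MtMdeRealtimeMonitoring -ComplianceLogic AllPolicies -PolicyFiltering OnlyAssigned

    # Loose: at least one assigned policy is compliant.
    $anyAssigned = Test-MtMdeRealtimeMonitoring -ComplianceLogic AnyPolicy -PolicyFiltering OnlyAssigned

    # Widest scope: every policy, assigned or not, must be compliant.
    $allPolicies = Test-MtMdeRealtimeMonitoring -ComplianceLogic AllPolicies -PolicyFiltering All

    # Anything other than $true is treated as "not passing".
    $finding = if ($allAssigned -eq $true -and $allPolicies -eq $true) {
        'Compliant: every policy enables real-time monitoring.'
    }
    elseif ($allAssigned -eq $true) {
        'Assigned policies pass, but a policy outside the assigned set does not; it becomes a gap if it is ever assigned.'
    }
    elseif ($anyAssigned -eq $true) {
        'Mixed: at least one assigned policy is not compliant, so some devices may run without real-time monitoring.'
    }
    else {
        'Non-compliant: no assigned policy passed the check.'
    }

    [pscustomobject]@{
        AllAssigned = $allAssigned
        AnyAssigned = $anyAssigned
        AllPolicies = $allPolicies
        Finding     = $finding
    }
}

Get-RealtimeMonitoringPosture | Format-List
```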
PARAMETERS
-ComplianceLogic
Determines how policy compliance is evaluated. 'AllPolicies' requires every assigned policy to be compliant; 'AnyPolicy' requires at least one. Default: 'AllPolicies'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: AllPolicies
Accept pipeline input: False
Accept wildcard characters: False
-PolicyFiltering
Determines which Defender Antivirus policies are evaluated. 'OnlyAssigned' (default) checks only assigned policies; 'IncludeUnassigned' includes unassigned policies; 'All' includes every policy.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: OnlyAssigned
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
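Specifies how PowerShell responds to progress updates generated by the command. This is the standard PowerShell -ProgressAction common parameter.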
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
System.Boolean
NOTES
RELATED LINKS
https://maester.dev/docs/commands/Test-MtMdeRealtimeMonitoring