| description | external help file | Module Name | ms.date | online version | schema | title |
|---|---|---|---|---|---|---|
The Add-MpPreference cmdlet modifies settings for Windows Defender. |
MSFT_MpPreference.cdxml-help.xml |
Defender |
12/20/2016 |
2.0.0 |
Add-MpPreference |
Modifies settings for Windows Defender.
Add-MpPreference
[-AsJob]
[-AttackSurfaceReductionOnlyExclusions <String[]>]
[-AttackSurfaceReductionRules_Actions <ASRRuleActionType[]>]
[-AttackSurfaceReductionRules_Ids <String[]>]
[-CimSession <CimSession[]>]
[-ControlledFolderAccessAllowedApplications <String[]>]
[-ControlledFolderAccessProtectedFolders <String[]>]
[-ExclusionExtension <String[]>]
[-ExclusionIpAddress <String[]>]
[-ExclusionPath <String[]>]
[-ExclusionProcess <String[]>]
[-Force]
[-ThreatIDDefaultAction_Actions <ThreatAction[]>]
[-ThreatIDDefaultAction_Ids <Int64[]>]
[-ThrottleLimit <Int32>]
[<CommonParameters>]
The Add-MpPreference cmdlet modifies settings for Windows Defender. Use this cmdlet to add
exclusions for file name extensions, paths, and processes, and to add default actions for high,
moderate, and low threats.
Add-MpPreference -ExclusionPath 'C:\Temp'This command adds the folder C:\Temp to the exclusion list. The command disables Windows Defender scheduled and real-time scanning for files in this folder.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'c:\apps\test.exe'This command allows the specified application to make changes in controlled folders.
Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
The cmdlet immediately returns an object that represents the job and then displays the command
prompt. You can continue to work in the session while the job completes. To manage the job, use the
*-Job cmdlets. To get the job results, use the
Receive-Job cmdlet.
For more information about Windows PowerShell background jobs, see about_Jobs.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the files and paths to exclude from attack surface reduction (ASR) rules. Specifies the
folders or files and resources that should be excluded from ASR rules. Enter a folder path or a
fully qualified resource name. For example, C:\Windows excludes all files in that directory.
C:\Windows\App.exe excludes only that specific file in that specific folder.
See the ASR rules topic for more information about excluding files and folders from ASR rules.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the states of attack surface reduction rules specified by using the AttackSurfaceReductionRules_Ids parameter. If you add multiple rules as a comma-separated list, specify their states separately as a comma-separated list.
Type: ASRRuleActionType[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the IDs of attack surface reduction rules. Use the AttackSurfaceReductionRules_Actions parameter to specify the state for each rule. If you add multiple rules as a comma-separated list, specify their states separately as a comma-separated list.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseRuns the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Type: CimSession[]
Parameter Sets: (All)
Aliases: Session
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies applications that can make changes in controlled folders.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies more folders to protect.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of file name extensions, such as obj or lib, to exclude from scheduled, custom,
and real-time scanning. This cmdlet adds these file name extensions to the exclusions.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of IP addresses to exclude from scheduled and real-time scanning.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of file paths to exclude from scheduled and real-time scanning. You can specify a folder to exclude all the files under the folder.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of processes, as paths to process images. This cmdlet excludes any files opened by the processes that you specify from scheduled and real-time scanning. Specifying this parameter excludes files opened by executable programs only. The cmdlet does not exclude the processes themselves. To exclude a process, specify it by using the ExclusionPath parameter.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseForces the command to run without asking for user confirmation.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of the actions to take for the IDs specified by using the ThreatIDDefaultAction_Ids parameter. The acceptable values for this parameter are:
1: Clean2: Quarantine3: Remove6: Allow8: UserDefined9: NoAction10: Block
Type: ThreatAction[]
Parameter Sets: (All)
Aliases: tiddefaca
Accepted values: Clean, Quarantine, Remove, Allow, UserDefined, NoAction, Block
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies an array of threat IDs. This cmdlet adds the default action for the threat IDs that you specify.
Type: Int64[]
Parameter Sets: (All)
Aliases: tiddefaci
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies the maximum number of concurrent operations that can be established to run the cmdlet. If
this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an
optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the
computer. The throttle limit applies only to the current cmdlet, not to the session or to the
computer.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.