2021/08/30

Schedule Full Windows Defender Scan

In the organization where I work, there is a BYOD policy. However, one's own device needs to have a corporate policy enforcer application, called OPSWAT, installed. The organization's policy is configured so that if a full Windows Defender scan isn't performed within a week - the trust in Windows Defender is admirable - then the connection to corporate resources is blocked. Now, running a full scan periodically is tedious (Start menu > Windows Security > Virus & threat protection > Scan options > Full scan, Scan now).

Instead, I opted to automate the full scan. As it turns out, Windows' own Task Scheduler comes with a template which one only needs to tweak a little. Open the Start menu and type Task. Open Task Scheduler and go to Task Scheduler Library > Microsoft > Windows > Windows Defender > Windows Defender Scheduled Scan. The only problem is that the predefined job runs only a Quick scan, not a full one.


First, we need to modify the actual command that gets executed. The program itself is correct; however, the arguments should say Scan -ScanType 2 (where 2 selects a full scan). No other arguments are needed.



The other bit is the trigger. Since I am running my Windows instance in a VM, I opted for a daily scheduled run. If you need to do this on your main machine, then I'd recommend setting up a less frequent schedule. (Since it's a VM, it only has files which are strictly necessary for my work, hence the runtime is below 5m. YMMV.)



One last tip: Sometimes Windows Defender exits with an error code (0x2 was the most common) when only the above two options are set. It happened to me as well. Once I changed the user from SYSTEM to my local admin one, this error went away. I am not sure if this is the correct solution, but it is most certainly a viable workaround.
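
The same three settings (action, trigger, user) as a script, followed by a check of the scan age against the one-week limit. This is an added example, not part of the original post: it registers a separate task instead of editing the built-in one, and the task name, start time and time limit are assumptions. It uses the documented MpCmdRun.exe form of the arguments (-Scan -ScanType 2) and must be run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example. Task name, start time and limits below are assumptions.
$TaskName   = 'Defender Full Scan (custom)'   # hypothetical task name
$MaxAgeDays = 7                               # the weekly limit from the post
$MpCmdRun   = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

if (-not (Test-Path $MpCmdRun)) { throw "MpCmdRun.exe not found at $MpCmdRun" }

# Action: full scan (ScanType 2), no other arguments.
$action = New-ScheduledTaskAction -Execute $MpCmdRun -Argument '-Scan -ScanType 2'

# Trigger: daily, as used in the post for a small VM; use -Weekly on a large disk.
$trigger = New-ScheduledTaskTrigger -Daily -At '12:30'

# Principal: the current admin account instead of SYSTEM (the post's workaround).
# S4U = "run whether the user is logged on or not" without storing a password.
$user      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType S4U -RunLevel Highest

# Catch up after a missed start (VM powered off) and stop a scan that never ends.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 6)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verification 1: exit code of the last run (0x0 = success; 0x2 is the error
# the post describes; 0x41303 means the task has not run yet).
$info = Get-ScheduledTaskInfo -TaskName $TaskName
'Last run: {0}  result: 0x{1:X}' -f $info.LastRunTime, $info.LastTaskResult

# Verification 2: what the compliance agent cares about, the age of the last
# completed full scan. FullScanAge is in days; a machine that has never finished
# a full scan reports a very large value, which also fails this check.
$mp = Get-MpComputerStatus
if ($mp.FullScanAge -gt $MaxAgeDays) {
    Write-Warning ("Last full scan is older than {0} days (ended: {1})" -f `
        $MaxAgeDays, $mp.FullScanEndTime)
} else {
    'Full scan is {0} day(s) old, ended {1}' -f $mp.FullScanAge, $mp.FullScanEndTime
}
```

Run the two verification parts again after the first scheduled run to confirm that the task result is 0x0 and that FullScanEndTime has moved forward.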


