Scheduling a Windows Defender Full Scan

Currently, Microsoft sets up Windows Defender to automatically perform all of the tasks the vast majority of people need. However, some people would prefer to have a regularly scheduled full scan. It used to be just a matter of editing one of the preset tasks to set up this function. It appears Microsoft has made some recent changes that make all the instructions I found on the web obsolete. So here is my take on setting up a scheduled full scan.

  1. Open Task Scheduler by pressing and releasing the Windows key, or clicking the start menu icon, and then type tas. Then select Task Scheduler from the list.
  2. In the upper right of the Task Scheduler click on Create Basic Task.
  3. When the Create Basic Task Wizard opens, enter a Name for the task and optionally a description then click Next.
  4. Choose the type of trigger you want for the task and click Next.
  5. Set the specific items for the task’s trigger and click Next.
  6. Choose the Start a Program option and click Next.
  7. Enter the Program/script to execute and the argument.
    a. To use the GUI version of Windows Defender enter:

    "%ProgramFiles%\Windows Defender\MSASCui.exe"

    b. To use the command line version of Windows Defender, enter the program on the first line and the argument on the second:

    "%ProgramFiles%\Windows Defender\MpCmdRun.exe"
    -Scan -ScanType 2

    There are other variations you can use; see How to use Windows Defender with Command Prompt on Windows 10 for details.

  8. Click Finish to save the task.
  9. Scroll the list to make sure that the …
    task has been scheduled the way you expected.
  10. Test out the program and argument settings by right clicking the task and selecting Run.
  11. If you set up for the GUI version to run you should see this.
    As of 4/7/2018 Defender on my Win 10 Pro looks like this:
    If you set up for the command line version to run you should see this.

After setting this up on my always-logged-in and awake desktop, I realized the settings I used will fail if the Windows 10 PC/laptop logs you out and/or goes to sleep. To make this work in that situation, edit the following settings.

  1. Right click on the task you created and select Properties.
  2. On the General tab change the Configure for: drop down list to Windows 10. That change is not strictly needed, but it emphasizes that I’ve only tested this on Windows 10, so use on other/older versions may not work.
    Now click the Change User or Group… button.
  3. In the text box type system and then click the Check Names button.
  4. The text you entered will change to SYSTEM to indicate it checked out fine. Click the OK button to finish the user change operation.
  5. You’ll be taken back to the General tab, which will show NT AUTHORITY\SYSTEM, with the Run only when user is logged on radio button selected and grayed out.
    If you check this setting again after you finish the next steps, you will see that Windows has changed it to SYSTEM and Run whether user is logged on or not.
  6. Click the Conditions tab and check the box that says Wake the computer to run this task. Then click the OK button to finish changing the settings.
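
The same task can be created from PowerShell, which makes the two procedures above repeatable and lets you read the stored settings back. This is an added example, not part of the original post; the task name and the weekly Sunday 02:00 trigger are assumptions, so substitute your own.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: the task name and the weekly Sunday 02:00 trigger are illustrative.
$taskName = 'Defender Full Scan (example)'
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# Fail early if the binary is not where the post says it is.
if (-not (Test-Path -LiteralPath $mpCmdRun -PathType Leaf)) {
    throw "MpCmdRun.exe not found at '$mpCmdRun'"
}

# First procedure, step 7b: program plus argument (the post's command line).
$action = New-ScheduledTaskAction -Execute "`"$mpCmdRun`"" -Argument '-Scan -ScanType 2'

# First procedure, steps 4-5: the trigger.
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '02:00'

# Second procedure, steps 2-5: run as NT AUTHORITY\SYSTEM, logged on or not.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount

# Second procedure, step 6: wake the computer to run the task.
$settings = New-ScheduledTaskSettingsSet -WakeToRun

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings `
    -Description 'Scheduled Windows Defender full scan' | Out-Null

# First procedure, step 9: read the task back and confirm what was stored.
$task = Get-ScheduledTask -TaskName $taskName
$info = $task | Get-ScheduledTaskInfo
[pscustomobject]@{
    RunAs       = $task.Principal.UserId
    WakeToRun   = $task.Settings.WakeToRun
    Program     = $task.Actions[0].Execute
    Arguments   = $task.Actions[0].Arguments
    NextRunTime = $info.NextRunTime
} | Format-List

# First procedure, step 10: uncomment to test-run (a full scan can take a long time).
# Start-ScheduledTask -TaskName $taskName
```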

That should be all you need to get it working. If you have any questions, comments or suggestions, please leave a comment or send me an email.
