
show0116
Copper Contributor
Apr 03, 2025

Microsoft Defender analysis

Hi, 

Is there log information where I can find whether the scan is a full scan or a quick scan? How can I check that the scan is a full scan? Thanks.

 

1 Reply

    cssns
    Copper Contributor

    The KQL below should help:

    DeviceEvents
    // Replace "DeviceName" with the name of the device to check
    | where DeviceName contains "DeviceName"
    | where ActionType == "AntivirusScanCompleted"
    // The scan type is stored in the AdditionalFields JSON
    | extend ScanTypeIndex = tostring(parse_json(AdditionalFields).ScanTypeIndex)
    | summarize by Timestamp, DeviceName, ActionType, ScanTypeIndex

    You can additionally include one of these lines if you want only a specific scan type = Full or Quick:

    | where ScanTypeIndex contains "full"

    | where ScanTypeIndex contains "quick"
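An added example, not part of cssns's reply: the same `AntivirusScanCompleted` events rolled up per device, so that machines with no completed full scan in the data stand out. The `datatable` rows, host names and `ScanTypeIndex` values are constructed sample data, with the values assumed to match the "full"/"quick" filters in the reply.

```kql
// Constructed sample rows standing in for DeviceEvents so the query runs anywhere.
// In advanced hunting, delete this let statement so the query reads the real table.
let DeviceEvents = datatable(Timestamp:datetime, DeviceName:string, ActionType:string, AdditionalFields:string)
[
    datetime(2025-04-01 02:00:00), "host-a", "AntivirusScanCompleted", '{"ScanTypeIndex":"Quick"}',
    datetime(2025-04-02 03:10:00), "host-a", "AntivirusScanCompleted", '{"ScanTypeIndex":"Full"}',
    datetime(2025-04-02 02:00:00), "host-b", "AntivirusScanCompleted", '{"ScanTypeIndex":"Quick"}',
    datetime(2025-04-03 02:00:00), "host-b", "AntivirusScanCompleted", '{"ScanTypeIndex":"Quick"}'
];
DeviceEvents
| where ActionType == "AntivirusScanCompleted"
// Same extraction as in the reply: the scan type lives in the AdditionalFields JSON
| extend ScanTypeIndex = tostring(parse_json(AdditionalFields).ScanTypeIndex)
// One row per device: most recent completion time and count for each scan type
| summarize
    LastFullScan  = maxif(Timestamp, ScanTypeIndex contains "full"),
    LastQuickScan = maxif(Timestamp, ScanTypeIndex contains "quick"),
    FullScans     = countif(ScanTypeIndex contains "full"),
    QuickScans    = countif(ScanTypeIndex contains "quick")
    by DeviceName
// Devices with no completed full scan sort to the top
| extend HasFullScan = FullScans > 0
| order by HasFullScan asc, DeviceName asc
```

With the sample rows, host-b is listed first with `FullScans` equal to 0, and host-a shows one full and one quick scan.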
