New-MpPerformanceRecording
This cmdlet collects a performance recording of Microsoft Defender Antivirus scans.
Syntax
New-MpPerformanceRecording
-RecordTo <String>
[-Session <PSSession[]>]
[-WPRPath <String>]
[<CommonParameters>]
New-MpPerformanceRecording
-RecordTo <String>
-Seconds <Int32>
[-Session <PSSession[]>]
[-WPRPath <String>]
[<CommonParameters>]
Description
This cmdlet collects a performance recording of Microsoft Defender Antivirus scans. These performance recordings contain Microsoft-Antimalware-Engine and NT kernel process events and can be analyzed after collection using the Get-MpPerformanceReport cmdlet.
This cmdlet requires elevated administrator privileges.
The performance analyzer provides insight into problematic files that could cause performance degradation of Microsoft Defender Antivirus. This tool is provided "AS IS", and is not intended to provide suggestions on exclusions. Exclusions can reduce the level of protection on your endpoints. Exclusions, if any, should be defined with caution.
Examples
EXAMPLE 1
New-MpPerformanceRecording -RecordTo:.\Defender-scans.etl
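The following is an added example, not part of the original cmdlet documentation. It shows a timed recording over a remote session, where the RecordTo path is on the remote machine and the trace has to be copied back before analysis. The computer name `SRV01` and both file paths are placeholders, and the `-Path`, `-TopFiles` and `-TopProcesses` parameters belong to Get-MpPerformanceReport, which this page names but does not document.

```powershell
# Added example. 'SRV01' and both paths are placeholders chosen for illustration.
$computer  = 'SRV01'
$remoteEtl = 'C:\Windows\Temp\Defender-scans.etl'                # path on the REMOTE machine
$localEtl  = Join-Path $env:TEMP "Defender-scans-$computer.etl"  # path on this machine

$session = New-PSSession -ComputerName $computer
try {
    # The cmdlet requires elevated administrator privileges where the recording runs,
    # so confirm the remote session is elevated before starting.
    $isAdmin = Invoke-Command -Session $session -ScriptBlock {
        $id = [Security.Principal.WindowsIdentity]::GetCurrent()
        ([Security.Principal.WindowsPrincipal]$id).IsInRole(
            [Security.Principal.WindowsBuiltInRole]::Administrator)
    }
    if (-not $isAdmin) {
        throw "The session on $computer is not elevated; the recording cannot be started."
    }

    # -Seconds selects the timed parameter set: record for 60 seconds, then stop.
    New-MpPerformanceRecording -RecordTo $remoteEtl -Seconds 60 -Session $session -ErrorAction Stop

    # With -Session the .etl file is written on the remote machine; copy it back.
    Copy-Item -Path $remoteEtl -Destination $localEtl -FromSession $session -ErrorAction Stop

    # The trace holds antimalware engine and kernel process events, so do not
    # leave a copy behind in a shared temporary directory.
    Invoke-Command -Session $session -ScriptBlock {
        Remove-Item -LiteralPath $using:remoteEtl -Force
    }
}
finally {
    Remove-PSSession -Session $session
}

# Analyze the copied trace locally: the ten files and ten processes with the longest scans.
Get-MpPerformanceReport -Path $localEtl -TopFiles 10 -TopProcesses 10
```

Treat the report as input to an investigation rather than as a list of exclusions to apply, in line with the caution about exclusions in the Description.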
Parameters
-RecordTo
Specifies the location in which to save the Microsoft Defender Antivirus performance recording.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Seconds
Specifies the duration of the performance recording in seconds.
Type: Int32
Position: Named
Default value: 0
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Session
Specifies the PSSession object in which to create and save the Microsoft Defender Antivirus performance recording. When you use this parameter, the RecordTo parameter refers to the local path on the remote machine.
Type: PSSession[]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-WPRPath
Optional argument to specify a different tool for recording traces. The default is wpr.exe. When the Session parameter is used, this path represents a location on the remote machine.
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False