Here are the basics: Microsoft Defender is the virus protection integrated into Windows by default. If no other antivirus program is installed and activated, Defender protects you against viruses. You can check whether Defender is active for you via Windows icon > All apps > Windows security > Virus and threat protection and then under “Who is protecting me” on the right-hand side. Look for “Microsoft Defender Antivirus.”
Defender has a real-time virus guard that analyzes every new file. It also regularly scans all files on your system. The tool tries to start this scan only when you are not using your PC. Users who often leave their computer idle may not even notice the scan. Other users may be disturbed by the scan, as it consumes both CPU power and hard drive access time. To find out why Defender takes so long to perform a scan, follow these steps.
The procedure has three parts: start a log of the virus scan, start the virus scan, and analyze the log. You do not need to type in the following commands. Microsoft provides them here for copying. You only need to adapt the name and path of the log file with the extension .etl to your circumstances. This is how it works:
1. Start the log: Open PowerShell with administrator rights. To do this, right-click on the Windows icon and select “Terminal (Administrator).” Enter this command there:
New-MpPerformanceRecording -RecordTo c:\Defender-scans.etl
The log starts and runs until you press the Enter key in the terminal. You will then find the recording in the file “Defender-scans.etl” on drive C:. You can change the file name and path as you wish. However, before you press the Enter key, you must start a virus scan.
2. Start a virus scan: Open Windows icon > All apps > Windows security > Virus and threat protection > Scan options > Full scan > Scan now. You can now continue to use your computer as usual in order to reproduce the disruptive effects during a scan. Or you can run your scan without using the PC. After the scan, switch back to the terminal and press Enter.
3. Analyze the log: You can convert the log into a CSV file and open it in Excel. In the “Duration” column, you can see which files took Defender the longest to scan. Use this command to convert the recorded log:
(Get-MpPerformanceReport -Path c:\Defender-scans.etl -TopScans 100).TopScans | ConvertTo-Csv -NoTypeInformation
Microsoft also offers the option of analyzing the log directly in PowerShell. To display the 20 files with the longest scan times, for example, enter the following:
Get-MpPerformanceReport -Path c:\Defender-scans.etl -TopScans 20
The log evaluation via PowerShell shows which 20 files require the most scanning time. This allows you to recognize problem cases such as an ISO file in the recycle bin.
On our test system, we noticed during this evaluation that Defender takes around six minutes to scan an ISO file in the recycle bin. By emptying the recycle bin, we were able to save this time for the next scan. Another command for analyzing the log only takes into account the top 10 for scan duration, file extensions, processes and files:
Get-MpPerformanceReport -Path c:\Defender-scans.etl -TopFiles 10 -TopExtensions 10 -TopProcesses 10 -TopScans 10
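To pick out problem cases like the ISO file automatically, the scan list can be filtered by duration and flagged for recycle-bin paths. The following is an added example, not part of the original article and not Microsoft's code; the function name Get-SlowScanSummary, the 5-second threshold, the sample records and the CSV file name are assumptions, as is the presence of Path and Duration properties on each TopScans entry.

```powershell
# Added example (not from the article or Microsoft). Assumes each TopScans
# entry exposes Path and Duration, as in the report columns described above.
function Get-SlowScanSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Scans,
        [double] $MinSeconds = 5      # hypothetical threshold
    )
    $Scans | ForEach-Object {
        $path = [string]$_.Path
        [pscustomobject]@{
            # [timespan] accepts a TimeSpan as-is and converts a raw tick count
            Seconds      = [math]::Round(([timespan]$_.Duration).TotalSeconds, 1)
            InRecycleBin = $path -like '*\$Recycle.Bin\*'
            Path         = $path
        }
    } | Where-Object { $_.Seconds -ge $MinSeconds } |
        Sort-Object Seconds -Descending
}

# Constructed sample records so the function can be tried without a recording.
$sample = @(
    [pscustomobject]@{ Path = 'C:\$Recycle.Bin\constructed\image.iso'; Duration = [timespan]::FromMinutes(6) }
    [pscustomobject]@{ Path = 'C:\Users\constructed\Downloads\setup.exe'; Duration = [timespan]::FromSeconds(12.4) }
    [pscustomobject]@{ Path = 'C:\Users\constructed\notes.txt'; Duration = [timespan]::FromMilliseconds(30) }
)
$slow = Get-SlowScanSummary -Scans $sample
$slow | Format-Table -AutoSize

# With a real recording, feed the report in and write a CSV file for Excel:
# $scans = (Get-MpPerformanceReport -Path C:\Defender-scans.etl -TopScans 100).TopScans
# Get-SlowScanSummary -Scans $scans |
#     Export-Csv -Path "$env:TEMP\Defender-slow-scans.csv" -NoTypeInformation
```

Unlike ConvertTo-Csv, which only prints CSV text to the terminal, Export-Csv writes a file that Excel can open directly.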
This article was translated from German to English and originally appeared on pcwelt.de.
Author: Arne Arnold
Arne Arnold has worked at PC-WELT for more than 15 years as an editor covering software and the internet. His focus is on security for end users on PCs and mobile devices.