Windows Defender Functions

Functions called by apps to request scans, signature updates, or information from Windows Defender.

Function	Description
MpErrorMessageFormat	Returns a formatted error message based on an error code.
MpFreeMemory	Frees memory for the malware protection manager.
MpHandleClose	Closes the handle returned by MpManagerOpen, MpScanStart, MpThreatOpen, or MpUpdateStart.
MpManagerOpen	Establishes a connection to the malware protection manager on the local computer.
MpManagerStatusQuery	Not supported. Returns status information about various components of the malware protection manager.
MpManagerStatusQueryEx	Returns status information about various components of the malware protection manager.
MpManagerVersionQuery	Returns version information about various components of the malware protection manager.
MpScanControl	Allows the control of a scan that was asynchronously initiated via MpScanStart.
MpScanStart	Starts a scanning operation.
MpThreatEnumerate	Returns information about the next threat in the enumeration list. This function can be called repeatedly until the enumeration of all the threats is complete.
MpThreatOpen	Returns an enumeration handle for the purpose of retrieving threats. This function can be used to open threats detected by a specific scan, all the active threats in the system, the history of threat disinfection, or all the threats present in the signature database.
MpThreatQuery	Used to query static (such as severity and category) or localized (such as category description and advice) information about a particular threat.
MpUpdateControl	Allows the control of a signature update operation that was asynchronously initiated via MpUpdateStart.
MpUpdateStart	Starts a signature update operation.
WDEnable	Changes Windows Defender status to on or off. Note: Beginning in Windows 10, version 1607 and Windows Server 2016, the WDEnable function always returns E_NOTIMPL.
WDStatus	Returns the current status of Windows Defender.