This repository contains scripts used to access, run, and troubleshoot Microsoft Defender for Endpoint (MDE) / Microsoft Defender Antivirus (MDAV) Performance Analyzer.
Use these scripts to help:
- Run Performance Analyzer data collection.
- Troubleshoot Defender performance concerns (for example, high CPU, high disk I/O, long scan times, or general performance degradation).
- Standardize and repeat diagnostic collection steps.

This repository includes:
- Scripts that assist with starting/stopping and automating Performance Analyzer collections.
- Supporting utilities and helper content used during troubleshooting.
- Quick starter commands for collecting an MDAV Performance Analyzer recording (`New-MpPerformanceRecording`) and generating common reports (`Get-MpPerformanceReport`).
  - Notes:
    - Update the `-Path` value to the location of your `.etl` recording.
- Continuously downloads the EICAR test file in a loop for demo/testing scenarios.
  - Notes:
    - Use only in controlled test environments.
    - Stop with Ctrl+C.
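
The following is an added example, not one of this repository's scripts, showing the record-then-report flow behind the quick starter commands. The `$OutDir` folder, the 60-second window, the file naming, and the report sizes are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: capture Defender Antivirus scan activity for a fixed window,
# then report on the recording. Paths and limits below are assumptions.
param(
    [string]$OutDir  = "$env:TEMP\MpPerf",   # assumed working folder
    [int]   $Seconds = 60                    # assumed capture window
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$etl = Join-Path $OutDir ("Defender-scans-{0:yyyyMMdd-HHmmss}.etl" -f (Get-Date))

# Reproduce the slow workload while this runs.
# -Seconds makes the capture non-interactive (needs a recent Defender platform
# version); without it the cmdlet records until you press ENTER.
New-MpPerformanceRecording -RecordTo $etl -Seconds $Seconds

if (-not (Test-Path $etl)) { throw "Recording was not written: $etl" }

# Summary: the files, extensions, processes and single scans that cost the most scan time.
Get-MpPerformanceReport -Path $etl -TopFiles 10 -TopExtensions 10 -TopProcesses 10 -TopScans 10

# Only scans that took at least 100 ms, to cut noise from fast scans.
Get-MpPerformanceReport -Path $etl -TopScans 50 -MinDuration 100ms

# Machine-readable copy to attach to a ticket or compare between runs.
$json = [IO.Path]::ChangeExtension($etl, '.json')
Get-MpPerformanceReport -Path $etl -TopFiles 10 -TopProcesses 10 -Raw |
    ConvertTo-Json -Depth 5 |
    Set-Content -Path $json -Encoding UTF8

Write-Host "Recording: $etl"
Write-Host "Raw report: $json"
```

Keep the `.etl` file with the JSON report: it can be re-analyzed later with different `Get-MpPerformanceReport` options without repeating the capture.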
- Scripts are provided as-is with no warranties or guarantees.
- Review and understand scripts before running them. Test in a non-production environment first.
- Follow your organization’s change-control and security policies.
- You are responsible for any impact to system performance, stability, security, telemetry, or compliance.