How To
Summary
The error message "'get-mpcomputerstatus' is not recognized as a command" typically occurs in PowerShell (or Command Prompt) when attempting to run the cmdlet `Get-MpComputerStatus`.
Objective
This cmdlet is part of the Defender module, which provides information about the status of Microsoft Defender Antivirus (e.g., signature versions, scan history, and protection states). The issue arises because PowerShell can't locate the cmdlet due to one or more of the following reasons:
- The Defender module is not imported.
- Microsoft Defender Antivirus is not installed or enabled on the system.
- You're running an older version of Windows (e.g., Server 2012/2016) where the module may not be available by default.
- The command is being executed in a context (e.g., via a monitoring tool like Nagios) with restricted execution policies or paths.
- The Windows Security service (`WinDefend`) is stopped or misconfigured.
Note: The cmdlet name is case-insensitive in PowerShell, so `get-mpcomputerstatus` should work the same as `Get-MpComputerStatus`. If you're typing this in Command Prompt (cmd.exe), it won't work at all—switch to PowerShell.
Environment
Microsoft Defender, PowerShell, Windows
Steps
1. Run PowerShell as Administrator:
- Right-click the Start button > Windows PowerShell (Admin) or Terminal (Admin).
- This ensures sufficient permissions to load modules and access system services.
2. Import the Defender Module Explicitly:
- In PowerShell, run:
```
Import-Module Defender -Force
```
- Then retry the command:
```
Get-MpComputerStatus
```
- If the import fails, the module isn't available (see troubleshooting below).
3. Check if the Service is Running:
- Run:
```
Get-Service WinDefend
```
- If the status is `Stopped`, start it:
```
Start-Service WinDefend
```
- Retry `Get-MpComputerStatus`.
Troubleshooting Steps
If the above doesn't resolve it, follow these steps systematically:
| Step | Command/Action | Expected Outcome / Next If Fails |
|------|----------------|----------------------------------|
| 1. Verify PowerShell Version | `$PSVersionTable.PSVersion` | Should be 5.1+ (Windows 10/Server 2016+). If lower, upgrade PowerShell from Microsoft. |
| 2. Check if Module Exists | `Get-Module -ListAvailable Defender` | Lists the module if installed. If not found, Defender may not be installed—proceed to Step 3. |
| 3. Confirm Defender Installation | `Get-WmiObject -Namespace root\Microsoft\Windows\Defender -Class MSFT_MpComputerStatus` | Alternative WMI query for status. If error, install/enable Defender via Settings > Update & Security > Windows Security. |
| 4. Check Execution Policy | `Get-ExecutionPolicy` | Should be `RemoteSigned` or `Bypass`. If `Restricted`, run `Set-ExecutionPolicy RemoteSigned -Scope CurrentUser`. |
| 5. Test Basic Defender Cmdlets | `Get-MpPreference` | If this fails similarly, Defender isn't enabled. Run `Set-MpPreference -DisableRealtimeMonitoring $false` to enable features. |
| 6. For Older Servers (2012/2016) | Install Windows Defender via Server Manager > Add Roles > Features > Windows Defender. | Reboot and retry. Note: Full support starts in Server 2016+. |
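The checks in the table above can be run in one read-only pass that reports which of the listed causes applies. This is an added example, not part of the original document; the function name `Test-DefenderCmdlet`, its output property names and the finding strings are assumptions made for illustration.

```powershell
# Added example: read-only triage for "'Get-MpComputerStatus' is not recognized".
# Test-DefenderCmdlet is a hypothetical helper name, not a Microsoft cmdlet.
function Test-DefenderCmdlet {
    [CmdletBinding()]
    param()

    # Module on disk (table step 2), cmdlet resolution, and WinDefend service state.
    $module = Get-Module -ListAvailable -Name Defender
    $cmdlet = Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue
    $svc    = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    # Table step 3: same class as the Get-WmiObject query, read through CIM.
    $cimOk = $false
    try {
        $null = Get-CimInstance -Namespace 'root/Microsoft/Windows/Defender' `
            -ClassName MSFT_MpComputerStatus -ErrorAction Stop
        $cimOk = $true
    } catch {
        Write-Verbose "CIM query failed: $($_.Exception.Message)"
    }

    # Map the observations to the causes listed in this document, most basic first.
    $finding = if (-not $svc) {
        'WinDefend service not found: Defender is not installed'
    } elseif (-not $module) {
        'Defender module not on disk: feature missing on this Windows version'
    } elseif ($svc.Status -ne 'Running') {
        "WinDefend is $($svc.Status): start the service, then retry"
    } elseif (-not $cmdlet) {
        'Module present but cmdlet unresolved: check policy or host context'
    } elseif (-not $cimOk) {
        'Cmdlet resolves but status class is unreadable: Defender may be disabled'
    } else {
        'OK: Get-MpComputerStatus should run in this session'
    }

    # Table steps 1 and 4 (shell version, execution policy) are reported as-is.
    [pscustomobject]@{
        PSVersion       = $PSVersionTable.PSVersion.ToString()
        ExecutionPolicy = (Get-ExecutionPolicy).ToString()
        ModuleAvailable = [bool]$module
        CmdletResolved  = [bool]$cmdlet
        ServiceStatus   = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StatusReadable  = $cimOk
        Finding         = $finding
    }
}

Test-DefenderCmdlet | Format-List
```

Run it in the same context that produced the error (for example, under the monitoring agent's account), because module paths and execution policy can differ between an interactive admin shell and a service.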
Common Scenarios and Solutions
- In Monitoring Tools (e.g., Nagios/NCPA): Edit the config file (e.g., `ncpa.cfg`) to use the full PowerShell path: `powershell.exe -ExecutionPolicy Bypass -File $plugin_name $plugin_args`. Restart the service.
- Remote Execution (e.g., via Invoke-Command): Ensure WinRM is enabled on the target (`Enable-PSRemoting -Force`). Use: `Invoke-Command -ComputerName RemotePC { Import-Module Defender; Get-MpComputerStatus }`.
- After Onboarding to Microsoft Defender for Endpoint (MDE): Reinstall the onboarding package or verify via Azure Arc. Test detection with the EICAR test file.
- No Output (Not an Error): If the command runs but returns nothing, check if Defender is disabled by third-party AV (e.g., Norton). Uninstall conflicting software.
Example Output (When Working)
If successful, `Get-MpComputerStatus` returns details like this:
```
AMEngineVersion : 1.1.285.0
AMProductVersion : 4.18.24060.7
AMServiceEnabled : True
AMServiceVersion : 4.18.24060.7
AntispywareEnabled : True
AntispywareSignatureVersion : 1.417.99.0
AntivirusEnabled : True
AntivirusSignatureVersion : 1.417.99.0
RealTimeProtectionEnabled : True
...
```
Document Location
Worldwide
Document Information
Modified date:
06 February 2026
UID
ibm17259971