
If the scan of your hard drive with Microsoft Defender seems to take forever, it’s worth finding out why.

Here are the basics: Microsoft Defender is the virus protection integrated into Windows by default. If no other antivirus program is installed and activated, Defender protects you against viruses. You can check whether Defender is active for you via Windows icon > All apps > Windows security > Virus and threat protection and then under “Who is protecting me” on the right-hand side. Look for “Microsoft Defender Antivirus.”

Defender has a virus guard that constantly analyzes every new file. It also regularly scans all files on your system. The tool tries to start this scan only when you are not using your PC. Users who often leave their computer idle may not even notice the scan. Other users may be disturbed by the scan, as it consumes both CPU power and hard drive access time. To find out why Defender takes so long to perform a scan, follow these steps.

The procedure has three parts: start a log of the virus scan, start the virus scan, and analyze the log. You do not need to type in the following commands; Microsoft provides them for copying. You only need to adapt the name and path of the log file with the extension .etl to your circumstances. This is how it works:

1. Start the log: Open PowerShell with administrator rights. To do this, right-click on the Windows icon and select “Terminal (Administrator).” Enter this command there:

The log starts and runs until you press the Enter key in the terminal. You will then find the recording in the file “Defender-scans.etl” on drive C:. You can change the file name and path as you wish. However, before you press the Enter key, you must start a virus scan.

2. Start a virus scan: Open Windows icon > All apps > Windows security > Virus and threat protection > Scan options > Full scan > Scan now. You can now continue to use your computer as you are used to in order to reproduce the disruptive effects during a scan. Or you can run your scan without using the PC. After the scan, switch back to the terminal and press Enter.

3. Analyze the log: You can convert the log into a CSV file and open it in Excel. In the “Duration” column, you can see which files took Defender the longest to scan. Use this command to convert the recorded log:

Microsoft also offers the option of analyzing the log directly in PowerShell. To display the 20 files with the longest scan times, for example, enter the following:
Get-MpPerformanceReport -Path c:\Defender-scans.etl -TopScans 20 


On our test system, we noticed during this evaluation that Defender takes around six minutes to scan an ISO file in the Recycle Bin. By emptying the Recycle Bin, we were able to save this time for the next scan. Another command for analyzing the log only takes into account the top 10 for scan duration, file extensions, processes and files:
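
The three steps above as one PowerShell session, covering the recording, the CSV conversion, and the top-20 and top-10 reports. This is an added example, not the article's or Microsoft's own listing; the CSV file name and the 1000-row export limit are assumptions.

```powershell
# Added example: record, export and summarize a Defender scan trace.
# Run in an elevated PowerShell ("Terminal (Administrator)").
$etl = 'C:\Defender-scans.etl'   # log path used in the article
$csv = 'C:\Defender-scans.csv'   # assumed name for the CSV export

# Stop early if the session is not elevated; step 1 asks for admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Open PowerShell with administrator rights and run this again.'
}

# Step 1: start the log. The cmdlet blocks until Enter is pressed.
# Step 2: while it waits, start the full scan in Windows Security,
#         then come back to this window and press Enter.
New-MpPerformanceRecording -RecordTo $etl

# Do not analyze a missing recording (for example after a cancelled run).
if (-not (Test-Path -LiteralPath $etl)) {
    throw "No recording found at $etl; nothing to analyze."
}

# Step 3a: export the slowest scans (up to 1000, an assumed limit) to CSV.
# The Duration column shows which files took longest to scan.
(Get-MpPerformanceReport -Path $etl -TopScans 1000).TopScans |
    Export-Csv -Path $csv -Encoding UTF8 -NoTypeInformation

# Step 3b: the 20 longest scans, as in the article.
Get-MpPerformanceReport -Path $etl -TopScans 20

# Step 3c: top 10 for files, extensions, processes and scans.
Get-MpPerformanceReport -Path $etl -TopFiles 10 -TopExtensions 10 -TopProcesses 10 -TopScans 10
```

The .etl and .csv files list file paths and process names from the machine, so keep them where only administrators can read them and delete them once the analysis is done.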