Why is Windows Defender antivirus scan slow? Here’s how to find out

If it seems like scanning your hard drive with Microsoft Defender takes a long time, it’s worth figuring out why.

Here’s the basics: Microsoft Defender is the default antivirus protection built into Windows. If you don’t have another antivirus program installed and activated, Defender can protect you from viruses.

You can check if Defender is active by going to the Windows icon > All apps > Windows Security > Virus & threat protection, and then look under “Who’s protecting me” on the right side. Look for “Microsoft Defender Antivirus.”

Defender has a virus protection program that continually analyzes every new file. It also scans all files on the system regularly. This tool only attempts to start this scan when you’re not using your computer. Users who often leave their computers idle might not even notice the scan. Other users might be bothered by the scan because it consumes CPU power and hard drive access time. To understand why Defender takes so long to perform scans, follow these steps.


In “Windows Security,” initiate a manual scan using Microsoft Defender and monitor the progress of the scan. For large amounts of data, the scan may take several hours.

Activate virus scan logging. Initiate the virus scan and analyze the logs. You don’t need to enter the following commands. Microsoft provides them here for you to copy. Simply adjust the name and path of the log file with the .etl extension according to your situation. Here’s how it works:

1. Start logging: Open PowerShell with administrative privileges. To do this, right-click on the Windows icon and select “Windows PowerShell (Admin).” Enter the following command there:

New-MpPerformanceRecording -RecordTo c:\Defenderscans.etl 

The logging will start and run until you press Enter in the terminal. Then, you’ll find the recorded content in the file “Defender-scans.etl” on drive C: You can change the filename and path as needed. But, you must start the virus scan before pressing Enter.

2. Start the virus scan: Open the Windows icon > All apps > Windows Security > Virus & threat protection > Scan options > Full scan > Scan now. You can now continue to use your computer as usual to reproduce any disruptive impacts during the scan. Alternatively, you can run the scan while not using the PC. Once the scan is complete, switch back to the terminal and press Enter.

3. Analyze the logs: You can convert the logs into a CVS file and open it in Excel. In the “Duration” column, you can see which files took the longest time for Defender to scan. Use this command to convert the recorded log:

(Get-MpPerformanceReport -Path c:\Defender-scans.etl -Topscans 100). TopScans | ConvertTo-Csv -NoTypeInformation 

Microsoft provides options to analyze logs in PowerShell. For example, to display the top 20 files with the longest scan times, enter the following:

Get-MpPerformanceReport -Path c:\Defender-scans.etl -TopScans 20 


The log evaluation conducted via PowerShell shows the top 20 files that require the most scanning time. This allows you to identify problematic cases, such as ISO files in the Recycle Bin.

On our test system, we noticed that Defender takes approximately six minutes to scan ISO files in the Recycle Bin during the evaluation process. By emptying the Recycle Bin, we can save time for the next scan. Another command for analyzing logs only considers scan duration, file extensions, processes, and the top 10 files:

Get-MpPerformanceReport -Path c:\Defender-scans.etl -TopFiles 10 -TopExtensions 10 -TopProcesses 10 -TopScans 10

Leave a Reply

Your email address will not be published. Required fields are marked *