Recently seen an issue where the PowerShell command to return the status of the Microsoft Defender client does not return any results.

As found by SnowDev, at https://techcommunity.microsoft.com/discussions/microsoftdefenderatp/get-mpcomputerstatus-output-is-blank/4360952, this looks like a problem with Defenders Protection Management CIM Provider. Registering that fixes the issue with the command below.

Register-CimProvider -ProviderName ProtectionManagement -Namespace root\Microsoft\Windows\Defender -Path -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate

SnowDev has helpfully written a script to locate the DDL path and update the values below:

$DefenderNamespace = "root\Microsoft\Windows\Defender"
$DefenderClass = "MSFT_MpComputerStatus"

function Get-LatestProtectionManagementDllPath {
    $defenderPlatformPath = Join-Path -Path $env:ProgramData -ChildPath "Microsoft\Windows Defender\Platform"
    $latestVersionDir = Get-ChildItem -Path $defenderPlatformPath -Directory | Sort-Object LastWriteTime -Descending | Select-Object -First 1

    if (-not $latestVersionDir) {
        Write-Error "No version directories found under: $defenderPlatformPath"
        return $null
    }

    $dllPath = Join-Path -Path $latestVersionDir.FullName -ChildPath "ProtectionManagement.dll"
    if (-not (Test-Path $dllPath)) {
        Write-Error "ProtectionManagement.dll not found in: $($latestVersionDir.FullName)"
        return $null
    }

    return $dllPath
}

function Reregister-ProtectionManagementDLL {
    $dllPath = Get-LatestProtectionManagementDllPath
    if (-not $dllPath) {
        return $false
    }

    try {
        Register-CimProvider -ProviderName ProtectionManagement `
                             -Namespace $DefenderNamespace `
                             -Path $dllPath `
                             -Impersonation True `
                             -HostingModel LocalServiceHost `
                             -SupportWQL `
                             -ForceUpdate

        Write-Host "Successfully re-registered ProtectionManagement provider."
        return $true
    } catch {
        Write-Error "Error during provider re-registration: $_"
        return $false
    }
}

function Check-RealtimeProtectionStatus {
    try {
        $status = Get-CimInstance -Namespace $DefenderNamespace -ClassName $DefenderClass -ErrorAction Stop
        switch ($status.RealTimeProtectionEnabled) {
            $true  { return "Running" }
            $false { return "NotRunning" }
            default { return "NotFound" }
        }
    } catch {
        Write-Warning "Unable to retrieve RealTimeProtectionEnabled instance from $DefenderClass in $DefenderNamespace. Exception: $_"
        return "Exception"
    }
}

# --- MAIN  ---

$status = Check-RealtimeProtectionStatus
Write-Host "Current RealTimeProtectionEnabled Status: $status"

if ($status -eq "NotFound" -or $status -eq "Exception")  {
    Write-Host "Attempting to re-register Windows Defender's ProtectionManagement provider..."
    if (-not (Reregister-ProtectionManagementDLL)) {
        Write-Error "Failed to re-register the provider. Exiting."
        #exit 1
    }

    Start-Sleep -Seconds 5
    $status = Check-RealtimeProtectionStatus
    Write-Host "Post-registration RealTimeProtectionEnabled Status: $status"

   if ($status -eq "NotFound" -or $status -eq "Exception")  {
        Write-Error "ERROR: RealTimeProtectionEnabled instance still missing after re-registration."
        #exit 1
    }
}