
How to get more from Windows Defender by using its command-line tool

Windows Defender's command-line utility lets you automate basic tasks and handle certain advanced operations. Here's a look at how to use the tool and examples of ways it can come in handy.



In the article Windows Defender: Past, present, and future, I told you that Windows Defender appears to be slated for a transition into a modern Windows app after years with a similar user interface. I also ran through some of the features in the most current version of Windows Defender.

After that article was published, I received a question from a reader who asked if I knew whether Windows Defender will still have a command-line version after it is converted into a Windows app. I checked with a couple of my sources and received three answers: Yes, No, and Maybe. The Yes and Maybe answers were based on the fact that there are some advanced operations you can only perform from the command line. Since it's really too early to speculate further, I'll just leave it at that for now. However, while I was running my informal survey, I discovered that a couple of my contacts were unaware that there was a command-line version of Windows Defender.

As such, I thought I would write an article covering how and why to run Windows Defender from the command line. Let's take a look.


Accessing the command-line version

Since Windows Defender has a Windows UI and performs most of its operations in the background, you may be wondering why anyone would want to use it from the command line. Well, the truth is that the command-line version is useful in situations where you want to be able to automate and customize Windows Defender's standard operations. Furthermore, as I mentioned, there are some advanced operations you can only perform from the command-line version. You may not use some of those operations often, but it's nice to know that they are available.

To find the command-line version of Windows Defender, just open File Explorer and navigate to C:\Program Files\Windows Defender. When you get there, look for a file by the name of MpCmdRun.exe.

If you right-click on the file and access its properties, you'll see that the actual name of the tool is Microsoft Malware Protection Command Line Utility (Figure A). Thus, the strange filename.

Figure A

You can find the actual name of the tool by accessing the file's properties.

Performing standard operations

To use the command-line version of Windows Defender, you need to be in an Administrator Command Prompt. If you have been following along and have File Explorer open to the C:\Program Files\Windows Defender folder, all you have to do is pull down the File menu and select the Open Command Prompt As Administrator command, as shown in Figure B.

Figure B

You can open an Administrator Command Prompt from within File Explorer.

The command-line version is useful in situations where you want to automate and customize how and when Windows Defender is run. For example, if you want to run a quick scan, you'll use the command:

mpcmdrun -scan -scantype 1

If you want to run a full scan, you'll use the command:

mpcmdrun -scan -scantype 2

If you want to check for new virus signature definition updates, you'll use the command:

mpcmdrun -signatureupdate


Performing advanced operations

In addition to the standard types of operations, there are several other advanced operations you can only perform with the command-line version of Windows Defender. For instance, you can enable diagnostic tracing, remove certain signature definitions, scan specific folders, and run a scan on just the boot sector of your hard disk. Here are a few examples.

If you want to scan the Downloads folder, you'll use the command:

mpcmdrun -scan -scantype 3 -File C:\Users\{yourname}\Downloads

If you want to perform a boot sector scan, you'll use the command:

mpcmdrun -scan -bootsectorscan

If Windows Defender gets fouled up during a signature definition update, you can reset signature definitions using the command:

mpcmdrun -removedefinitions

You can then try the update again.

If Windows Defender isn't performing up to par, you can reset the settings using the command:

mpcmdrun -restoredefaults
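
The signature update, definition reset, and quick scan commands shown above can be chained in one batch file and run on a schedule. This is an added example, not part of the original article; the log file location is an assumed path, the default install folder is assumed, and the script assumes MpCmdRun returns a non-zero exit code when an update fails.

```batch
@echo off
rem Added example: update definitions, recover from a failed update, then quick scan.
rem Assumptions: default Defender folder; LOG is a made-up location for this example.
setlocal
set "MPCMD=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
set "LOG=%ProgramData%\DefenderScan.log"

rem MpCmdRun needs an Administrator Command Prompt.
rem "net session" fails when the prompt is not elevated (common elevation check).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an Administrator Command Prompt.
    exit /b 1
)

if not exist "%MPCMD%" (
    echo MpCmdRun.exe not found at "%MPCMD%".
    exit /b 1
)

echo [%date% %time%] Updating signature definitions >> "%LOG%"
"%MPCMD%" -signatureupdate >> "%LOG%" 2>&1
if %ERRORLEVEL% equ 0 goto scan

rem The update failed: reset the definitions, then try the update once more.
echo [%date% %time%] Update failed, resetting definitions >> "%LOG%"
"%MPCMD%" -removedefinitions >> "%LOG%" 2>&1
"%MPCMD%" -signatureupdate >> "%LOG%" 2>&1
if %ERRORLEVEL% neq 0 echo [%date% %time%] Retry failed, scanning with existing definitions >> "%LOG%"

:scan
echo [%date% %time%] Starting quick scan >> "%LOG%"
"%MPCMD%" -scan -scantype 1 >> "%LOG%" 2>&1
set "RC=%ERRORLEVEL%"
echo [%date% %time%] Scan finished with exit code %RC% >> "%LOG%"

rem Per the tool's help text (mpcmdrun -?):
rem   0 = no malware found, or malware remediated with no further action needed
rem   2 = malware found and not remediated, user action required, or scan error
exit /b %RC%
```

Because the script passes the scan's exit code through, a scheduled task or monitoring job can alert on any result other than 0 instead of relying on someone reading the log.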

Detailed help

You can get detailed information about these commands and other advanced Windows Defender command-line operations with the command:

mpcmdrun -?


What's your take?

Do you use Windows Defender in Windows 10? Did you know that you can run it from the command line? Share your thoughts and experiences with fellow TechRepublic members.

About Greg Shultz

Greg Shultz is a freelance Technical Writer. Previously, he has worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.
