Wednesday, June 3, 2026

Windows Defender from the Command Line

Tips: Windows Defender from the Command Line

This article will help you manage Windows Defender more effectively using its command-line utility.

Windows Defender includes a command-line utility, MpCmdRun.exe, which can be handy if you want to automate the use of Windows Defender. The utility is located on Windows at %ProgramFiles%\Windows Defender\MpCmdRun.exe. 

The basic usage at the command prompt is: MpCmdRun.exe [command] [-options].

| Command | Description |
| --- | --- |
| -? | Displays all available options for the tool |
| -Trace [-Grouping #] [-Level #] | Starts diagnostic tracing |
| -RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures |
| -RestoreDefaults | Resets the registry values for Windows Defender settings to known good defaults |
| -SignatureUpdate | Checks for new definition updates |
| -Scan [-ScanType] | Scans for malicious software |
| -GetFiles | Collects support information |

| Client Action | MpCmdRun Switches | Additional Switches |
| --- | --- | --- |
| Scan for malicious software based on default configuration | -Scan -ScanType 0 | |
| Quick scan for malicious software | -Scan -ScanType 1 | |
| Full system scan for malicious software | -Scan -ScanType 2 | |
| File and directory custom scan for malicious software | -Scan -ScanType 3 | -File -DisableRemediation -BootSectorScan -Timeout |
| Begins tracing Microsoft antimalware service’s actions | -Trace | -Grouping -Level |
| Gathers a bunch of files and packages them together in a compressed file in the support directory | -GetFiles | -Scan |
| Restores the last set of signature definitions | -RemoveDefinitions -All | |
| Remove all Dynamic Signatures | -RemoveDefinitions -DynamicSignatures | |
| Performs definition updates directly from UNC path file share specified | -SignatureUpdate -UNC | -Path |
| Performs definition updates directly from Microsoft Malware Protection Center | -SignatureUpdate -MMPC | |
| List all quarantined items | -Restore -ListAll | |
| Restores the most recently quarantined item based on threat name | -Restore -Name | -Path |
| Restores all the quarantined items | -Restore -All | -Path |
| Adds a Dynamic Signature | -AddDynamicSignature | -Path |
| Lists SignatureSet IDs of all Dynamic Signatures | -ListAllDynamicSignatures | |
| Removes a dynamic signature | -RemoveDynamicSignature -SignatureSetID | |
| Enables integrity services | -EnableIntegrityServices | |
| Submit all sample requests | -SubmitSamples | |

Use MpCmdRun alone to see additional information about the switches.

If you use the -Scan switch, MpCmdRun returns one of the following codes:

  • 0 if no malware is found, or if malware is found and successfully remediated

  • if malware is found and not remediated
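
The script below is an added example, not part of the original article. It shows one way to automate a custom scan (-ScanType 3) and branch on the return code. The folder C:\Intake, the variable $DropDir and the function name Invoke-DefenderFileScan are assumptions made for illustration.

```powershell
# Added example (not from the article): scan every file in an intake folder
# and act on MpCmdRun's return code. Intended to run as a script, e.g. from a
# scheduled task. $DropDir and Invoke-DefenderFileScan are assumed names.
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $MpCmdRun)) { throw "MpCmdRun.exe not found at $MpCmdRun" }

function Invoke-DefenderFileScan {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $ReportOnly   # adds -DisableRemediation: detect, but take no action
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Scan target does not exist: $Path" }

    # -ScanType 3 is the file and directory custom scan; -File names the target.
    $scanArgs = @('-Scan', '-ScanType', '3', '-File', (Resolve-Path -LiteralPath $Path).Path)
    if ($ReportOnly) { $scanArgs += '-DisableRemediation' }

    $output = & $MpCmdRun @scanArgs 2>&1
    $code   = $LASTEXITCODE   # capture immediately, before another command overwrites it

    # 0 = nothing found, or found and remediated. Any other code is treated here
    # as "needs review" (a detection or a failed scan), never silently as clean.
    [pscustomobject]@{
        Path        = $Path
        ExitCode    = $code
        NeedsReview = ($code -ne 0)
        Output      = ($output | Out-String).Trim()
    }
}

# Refresh definitions first; a failed update is logged but does not stop the scan.
& $MpCmdRun -SignatureUpdate | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Signature update returned $LASTEXITCODE; scanning with existing definitions."
}

$DropDir = 'C:\Intake'   # hypothetical folder holding files awaiting release
$results = Get-ChildItem -LiteralPath $DropDir -File |
    ForEach-Object { Invoke-DefenderFileScan -Path $_.FullName -ReportOnly }

$flagged = @($results | Where-Object NeedsReview)
$flagged | Format-Table Path, ExitCode -AutoSize

# Propagate a non-zero code so the calling task or pipeline can block the release.
if ($flagged.Count -gt 0) { exit 1 } else { exit 0 }
```

Scanning file by file gives one return code per file, so a single flagged item can be held back without blocking the rest of the folder.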

Happy Learning!!!

Thanks & Regards,
Haresh Hirani
Follow me: Twitter @hirravi1
linkedin: https://www.linkedin.com/in/hiraniconfigmgr
