Tips: Windows Defender from the Command Line
This article shows how to manage Windows Defender with its command-line utility.
Windows Defender includes a command-line utility, MpCmdRun.exe, which can be handy if you want to automate the use of Windows Defender. The utility is located on Windows at %ProgramFiles%\Windows Defender\MpCmdRun.exe.
The basic usage at the command prompt is: MpCmdRun.exe [command] [-options].
| Command | Description |
|---|---|
| -? | Displays all available options for the tool |
| -Trace [-Grouping #] [-Level #] | Starts diagnostic tracing |
| -RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures |
| -RestoreDefaults | Resets the registry values for Windows Defender settings to known good defaults |
| -SignatureUpdate | Checks for new definition updates |
| -Scan [-ScanType] | Scans for malicious software |
| -GetFiles | Collects support information |

| Client Action | MpCmdRun Switches | Additional Switches |
|---|---|---|
| Scan for malicious software based on default configuration | -Scan -ScanType 0 | |
| Quick scan for malicious software | -Scan -ScanType 1 | |
| Full system scan for malicious software | -Scan -ScanType 2 | |
| File and directory custom scan for malicious software | -Scan -ScanType 3 | -File -DisableRemediation -BootSectorScan -Timeout |
| Begins tracing Microsoft antimalware service's actions | -Trace | -Grouping -Level |
| Gathers a bunch of files and packages them together in a compressed file in the support directory | -GetFiles | -Scan |
| Restores the last set of signature definitions | -RemoveDefinitions -All | |
| Remove all Dynamic Signatures | -RemoveDefinitions -DynamicSignatures | |
| Performs definition updates directly from UNC path file share specified | -SignatureUpdate -UNC | -Path |
| Performs definition updates directly from Microsoft Malware Protection Center | -SignatureUpdate -MMPC | |
| List all quarantined items | -Restore -ListAll | |
| Restores the most recently quarantined item based on threat name | -Restore -Name | -Path |
| Restores all the quarantined items | -Restore -All | -Path |
| Adds a Dynamic Signature | -AddDynamicSignature | -Path |
| Lists SignatureSet ID's of all Dynamic Signatures | -ListAllDynamicSignatures | |
| Removes a dynamic signature | -RemoveDynamicSignature -SignatureSetID | |
| Enables integrity services | -EnableIntegrityServices | |
| Submit all sample requests | -SubmitSamples | |

Use MpCmdRun alone to see additional information about the switches.
You will receive a return code if you use the -Scan switch:
- 0 if no malware is found or successfully remediated
- 2 if malware is found and not remediated
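
As an added example (not part of the original article), the PowerShell script below runs the custom scan (-ScanType 3) on a single file or folder and maps the return codes listed above to a result that a scheduled task or build pipeline can act on. The `$Target` parameter, the messages and the script's own exit codes are assumptions made for illustration.

```powershell
# Added example, not from the article: gate a file or folder on an MpCmdRun custom scan.
param(
    [Parameter(Mandatory = $true)]
    [string]$Target    # hypothetical parameter: file or directory to scan
)

# Utility location as given in the article.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun -PathType Leaf)) {
    Write-Error "MpCmdRun.exe not found at $mpCmdRun"
    exit 1
}

# Resolve to a full path so the scanner is not given a relative or mistyped path.
try {
    $fullPath = (Resolve-Path -LiteralPath $Target -ErrorAction Stop).ProviderPath
} catch {
    Write-Error "Scan target not found: $Target"
    exit 1
}

# -ScanType 3 is the file and directory custom scan; -DisableRemediation asks
# Defender not to act on detections, so the caller decides what happens next.
& $mpCmdRun -Scan -ScanType 3 -File $fullPath -DisableRemediation
$code = $LASTEXITCODE

switch ($code) {
    0 {
        # Article: no malware found, or malware successfully remediated.
        Write-Output "PASS: nothing left to act on in $fullPath"
        exit 0
    }
    2 {
        # Article: malware found and not remediated.
        Write-Warning "FAIL: detection reported for $fullPath; hold the file for review"
        exit 2
    }
    default {
        # Any other value is not described in the article; fail closed.
        Write-Error "Scan returned unexpected code $code; treat $fullPath as unscanned"
        exit $code
    }
}
```

Treating any return code other than 0 as a failure keeps an interrupted or errored scan from being read as a clean result.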
Happy Learning!!!
Thanks & Regards,
Haresh Hirani
Follow me: Twitter @hirravi1
linkedin: https://www.linkedin.com/in/hiraniconfigmgr