Since Windows 8, Windows Defender comes pre-installed in Microsoft’s operating system, thus offering malware protection by default and without the need for third-party solutions.
Windows Defender has further evolved in Windows 10, and in the April 2018 Update it’s the key part of the so-called Windows Defender Security Center, a security hub grouping all features that are related in any way to your system’s protection against cyber-threats.
For many users in general, and for power users in particular, Windows Defender is just the right choice when it comes to malware protection, especially because Microsoft is making big efforts to bring it in line with third-party products. Real-time protection, daily definition updates, and more improvements landing with new OS feature updates are all part of Windows Defender’s security arsenal.
There are moments, however, when a malware infection disables Windows Defender’s UI or makes it impossible to run a scan from its interface. Because it’s a native product, Windows Defender can also be used from the command line to run scans and perform updates.
How to update Windows Defender from the command line
All these commands rely on MpCmdRun.exe, the Microsoft Malware Protection engine process that can be launched from the Command Prompt. There’s a standard path that we’re going to use for each command, as follows:
%ProgramFiles%\Windows Defender\MpCmdRun.exe
If you installed Windows 10 on a partition other than C: or if you changed the location of Windows Defender, you need to modify the path above accordingly.
In order to update Windows Defender from the command line, type cmd in the Start menu and launch Command Prompt as administrator. Send the following command to start the update process (make sure you keep the quotes):
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate
How to scan your system for malware from the command line
Starting a scan with Windows Defender from Command Prompt comes down to the same path as mentioned above, but this time with a different parameter called ScanType. There are three different versions of ScanType, as follows:
ScanType 1 – Quick Scan
ScanType 2 – Full Scan
ScanType 3 – Custom scan
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType X
Running a custom scan also involves defining the location that you want to scan using the File parameter. Scanning a folder called bgdftw located on the main C: drive should lead to the following command:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File C:\bgdftw\
Just make sure that you correctly define the path to be scanned, and if it returns an error, double-check the name of the folder you pointed to. You can also have Windows Defender scan just a specific file in a folder by simply providing the full path to the file including its extension.
Additionally, you can also use the command line to start a Windows Defender scan of the boot sector. This is particularly helpful when malware infects the boot sector and starts before antivirus solutions, which lets it block any removal process and keep the system infected. In this case, the command for the boot sector scan is the following:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType -BootSectorScan
Any of these commands can be used in scripts or BAT files that can be launched to perform automated scans on one or more computers in a network. They can be further combined for more effective malware protection or removal in case of an existing infection hitting a bigger number of machines.
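As an illustration of such a BAT file, the following added example (not part of the original article) chains the update and scan commands above, logs each step and returns the scanner's exit code to whatever launched it. The script name, the log folder and the argument layout are assumptions; the exit-code meaning in the comments is taken from MpCmdRun's built-in help.

```batch
@echo off
rem Added example: update definitions, run a scan, log the outcome.
rem Usage: defender-scan.bat [1, 2 or 3] [path for a custom scan]
rem The script name and the log folder below are assumptions.
setlocal
set "MPCMD=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
set "LOGDIR=%SystemDrive%\Logs"
set "LOG=%LOGDIR%\defender-scan.log"
set "TYPE=%~1"
set "TARGET=%~2"
if "%TYPE%"=="" set "TYPE=1"

rem Refuse to run unelevated, with a missing engine, or with bad arguments.
net session >nul 2>&1
if errorlevel 1 goto :noadmin
if not exist "%MPCMD%" goto :nompcmd
if not "%TYPE%"=="1" if not "%TYPE%"=="2" if not "%TYPE%"=="3" goto :usage
if "%TYPE%"=="3" if "%TARGET%"=="" goto :usage
if "%TYPE%"=="3" if not exist "%TARGET%" goto :usage
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

echo [%DATE% %TIME%] %COMPUTERNAME%: updating definitions >> "%LOG%"
"%MPCMD%" -SignatureUpdate >> "%LOG%" 2>&1
if errorlevel 1 echo [%DATE% %TIME%] update failed, using existing definitions >> "%LOG%"

echo [%DATE% %TIME%] starting scan, ScanType %TYPE% >> "%LOG%"
if "%TYPE%"=="3" goto :custom
"%MPCMD%" -Scan -ScanType %TYPE% >> "%LOG%" 2>&1
goto :result
:custom
"%MPCMD%" -Scan -ScanType 3 -File "%TARGET%" >> "%LOG%" 2>&1

:result
rem 0 = nothing found or remediated; 2 = malware not remediated or scan error.
set "RC=%ERRORLEVEL%"
echo [%DATE% %TIME%] scan finished, exit code %RC% >> "%LOG%"
if "%RC%"=="2" echo [%DATE% %TIME%] ATTENTION: review this machine >> "%LOG%"
exit /b %RC%

:noadmin
echo Run this script from an elevated Command Prompt.
exit /b 1
:nompcmd
echo MpCmdRun.exe not found at "%MPCMD%". Adjust the path.
exit /b 1
:usage
echo Usage: %~nx0 [1, 2 or 3] [existing path, required for ScanType 3]
exit /b 1
```

Because the script exits with the scanner's own code, a scheduled task or remote management tool that launches it on several machines can flag the ones that returned a non-zero value.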