Manage Windows Defender right from the command line

Feb 11, 2020 12:47 GMT  ·  By

I said it before, and I’m saying it again: Windows Defender has evolved so much that with the right protections in place, third-party antivirus is no longer required on Windows 10, as the OS has pretty much everything it needs to block the majority of threats.

The most recent security tests performed by various organizations are living proof of just how advanced Windows Defender has become in Windows 10, so it’s no surprise that many actually keep it running in the background to protect their data.

Managing Windows Defender isn’t necessarily a difficult thing to do, especially as Microsoft has created a pretty straightforward interface that you can easily launch from the system tray icon. But as Windows Defender advances and new settings are added, it gets more difficult to find a specific feature.

At the same time, administrators would rather stick with commands they can run in Command Prompt to manage Windows Defender, as this makes it easier to automate certain tasks on a specific set of devices.

Working with Windows Defender in the command line pretty much comes down to the mpcmdrun.exe process, as it lets you conduct a series of tasks, including launching a scan. This exe is located at the following path:


%ProgramFiles%\Windows Defender\MpCmdRun.exe
Basically, to conduct a scan, you can use the following command (and scroll down for more instructions):
mpcmdrun.exe -Scan [-ScanType [0|1|2|3]] [-File <path> [-DisableRemediation] [-BootSectorScan]] [-Timeout <days>] [-Cancel]
While this looks very complicated, it’s not, and the part that you’re most likely interested in is the scan type. In the command line, 0 is the default scan, 1 is a quick scan, 2 is a full scan, and 3 is a custom scan with a specified location. So technically, to run a quick scan of the device, the command is this:
mpcmdrun.exe -Scan -ScanType 1
There are several other important options for this command, including one that allows you to restore the previously installed engine. This option comes in particularly handy when Windows Defender experiences issues after the latest update. The command uses the following parameter:
-RemoveDefinitions [-Engine]
You can also check for new virus definition updates from the command line using this command:
mpcmdrun.exe -SignatureUpdate [-UNC | -MMPC]
On the other hand, if you want to roll the installed security intelligence update back to a backup or the default version, this is the command:
mpcmdrun.exe -RemoveDefinitions [-All]
Recovering after a malware infection is something that’s not very convenient, but fortunately, Windows Defender also comes with a series of options to list quarantined items from the command line, without the need for launching its UI. You can use this command to restore or list the quarantined files:
mpcmdrun.exe -Restore [-ListAll | [[-Name <name>] [-All] | [-FilePath <filePath>]] [-Path <path>]]
Make sure you modify the command according to your options – choose between restore and list, and provide a path to the files if you don’t want the command to affect all quarantined files.

All these commands need to be launched in a Command Prompt window with administrator privileges, otherwise you won’t be able to make any changes to Windows Defender – standard accounts are not allowed to modify system files.
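
The update and scan steps above combined into one routine for an elevated PowerShell session, as an added example that is not part of the original article: it checks for administrator rights, refreshes definitions, then runs the chosen scan type. The function name `Invoke-DefenderScan`, its parameters, and the treatment of any non-zero exit code as needing attention are assumptions of this example.

```powershell
# Added example, not from the original article. Names are illustrative.
function Invoke-DefenderScan {
    param(
        [ValidateRange(0, 3)]
        [int]$ScanType = 1,      # 1 = quick scan, per the scan types listed above
        [string]$Path            # only used for ScanType 3 (custom scan)
    )

    # MpCmdRun.exe location given in the article
    $exe = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    if (-not (Test-Path -LiteralPath $exe)) {
        throw "MpCmdRun.exe not found at $exe"
    }

    # The commands need administrator rights; fail early instead of half-running
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated (administrator) session.'
    }

    if ($ScanType -eq 3 -and -not $Path) {
        throw 'A custom scan (ScanType 3) needs -Path.'
    }

    # Refresh definitions first; a failed update is reported but does not stop the scan
    & $exe -SignatureUpdate | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Signature update returned exit code $LASTEXITCODE"
    }

    # Build the argument list in the order shown in the article's syntax line
    $scanArgs = @('-Scan', '-ScanType', $ScanType)
    if ($ScanType -eq 3) { $scanArgs += @('-File', $Path) }

    $output = & $exe @scanArgs
    [pscustomobject]@{
        ScanType = $ScanType
        ExitCode = $LASTEXITCODE
        Output   = $output -join "`n"
    }
}

# Quick scan; assumption: any non-zero exit code means the result needs review
$result = Invoke-DefenderScan -ScanType 1
if ($result.ExitCode -ne 0) { Write-Warning $result.Output }
$result
```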

And of course, they work in all Windows 10 versions, including the upcoming Windows 10 version 2004. This particular release has already been completed, and now Microsoft is only giving the finishing touches before it begins the public rollout to production devices across the world in April or May.