Windows Defender is the antivirus for Windows 10. It is installed by default together with the operating system and, since its launch, it has become one of the best alternatives we can find to protect our PC.
Its interface is simple to use and understand, and it gives access to all of the antivirus's options and functions. However, it also has a series of CMD commands that allow us to control, manage and automate everything related to Windows Defender security much more effectively.
All these tasks are carried out through the file "MpCmdRun.exe", which is located inside %ProgramFiles%\Windows Defender. Depending on the parameter we pass it, it will carry out one activity or another. The Windows Defender engine was designed so that both system administrators and more advanced users could control the security software from the command line. These functions can be used interchangeably from the program interface and from CMD.
Moreover, from the interface itself we will have more options available than from CMD, but the command line has one main advantage: it lets us create custom scripts, automate them and run a scan, all through a keyboard shortcut. As a drawback, as might be expected, the commands are not exactly intuitive, so they will not be easy to memorize.
Automate Windows Defender with shortcuts
Surely for many, memorizing and using the CMD commands to control Windows Defender will be quite a tedious task. However, these commands become much more useful if we use them to create .bat scripts that perform certain tasks.
To do this, we just have to open a Windows Notepad window, paste the command or commands that we want to run and save the file with a .bat extension.
Once we have this file already saved in that format, each time we execute it with a double click, its corresponding task will be carried out. We can configure it to run at startup, schedule it or launch it whenever we want.
Of course, it is recommended to give these scripts Administrator permissions. Otherwise, we may have problems, both in the analysis and when eliminating a threat.
Search for viruses from CMD
Next we will see how we can search for viruses with Windows Defender from CMD. For this, it will be essential to run the console with administrator permissions. To do this, we must type “cmd” in the Windows 10 start menu search engine, and select “Run as administrator” and the command line window will appear.
If we want to search for a virus from CMD, the "-Scan" parameter lets us analyze any directory on our computer with Microsoft's own antivirus. This parameter must be followed by "-ScanType" and one of these values, depending on the type of analysis we want to perform:
- 0: default scan.
- 1: quick scan.
- 2: full PC scan.
- 3: custom scan of a file or directory that we specify.
For example, we can do a quick scan of our Windows with the command:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1
Or a complete analysis of our entire PC with:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2
If we choose custom analysis (that is, scan type 3) we will be able to add other parameters that offer us more control over the analysis in question. For example, we can launch an analysis of our personal Windows folder with:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "C:\Users\usuario"
If we choose to use the "-DisableRemediation" parameter, then our custom scan:
- Will ignore file exclusions.
- Will analyze archive files.
- Will not apply any actions after the analysis.
- Will not log detections.
- Will not show detections in the interface.
- Will show detections only in the CMD console.
The "-BootSectorScan" parameter will also allow us to analyze the boot sectors, to rule out the possibility of a virus there.
Finally, with the "-Cancel" parameter we will cancel any analysis, both quick and full, that is running on the PC. This is useful if we have started an analysis and want to stop it without waiting for it to finish.
Other parameters to control Windows Defender from CMD
Microsoft offers us many other parameters that allow us to control Windows Defender from CMD with the MpCmdRun.exe program.
For example, the "-Restore" parameter allows us to check all the threats that are in quarantine and, in addition, to restore any of them, depending on the parameter that accompanies it:
- -ListAll: shows a list of all the quarantined files.
- -Name (name): restores the most recent threat from quarantine that matches that name.
- -All: restores all threats from quarantine.
- -FilePath (path): restores items according to a specified directory.
The parameter "-CheckExclusion -path (path)" allows us to check whether or not a specific directory is excluded from the antivirus scan.
If we want to consult all the commands and parameters that this program offers us, we simply have to consult its help in CMD by typing in the console:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -?
Update antivirus from CMD
Finally, another very interesting and useful parameter to control our antivirus from the Windows console is "-SignatureUpdate". This parameter allows us to update Windows Defender from CMD, downloading the latest version of the signature database so that we are always up to date.
Furthermore, with the "-RemoveDefinitions" and "-DynamicSignatures" parameters we can also clear the update cache, which is useful for solving all kinds of antivirus-related problems.
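As an illustration of the .bat automation described under "Automate Windows Defender with shortcuts", here is an added example (not part of the original article) that updates the signatures, runs a quick or full scan and records the result. The log path and the optional scan-type argument are assumptions of this example; the exit codes 0 and 2 are the ones MpCmdRun.exe lists in its own help.

```batch
@echo off
setlocal
rem Added example, not from the article. Default install path as given in the article.
set "MPCMD=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
rem Hypothetical log location chosen for this example.
set "LOG=%ProgramData%\defender-scan.log"

rem "net session" fails in a non-elevated console, so it serves as an admin check.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script as Administrator.
    exit /b 1
)
if not exist "%MPCMD%" (
    echo MpCmdRun.exe not found at "%MPCMD%".
    exit /b 1
)

rem Scan type comes from the first argument; default 1 (quick). Only 1 or 2 allowed.
set "SCANTYPE=%~1"
if "%SCANTYPE%"=="" set "SCANTYPE=1"
if not "%SCANTYPE%"=="1" if not "%SCANTYPE%"=="2" (
    echo Usage: %~nx0 [1^|2]
    exit /b 1
)

rem Redirection is written first so a trailing digit is never read as a handle number.
>>"%LOG%" echo [%DATE% %TIME%] Updating signatures
"%MPCMD%" -SignatureUpdate >>"%LOG%" 2>&1
if errorlevel 1 >>"%LOG%" echo [%DATE% %TIME%] Update failed, scanning with current definitions

>>"%LOG%" echo [%DATE% %TIME%] Starting scan type %SCANTYPE%
"%MPCMD%" -Scan -ScanType %SCANTYPE% >>"%LOG%" 2>&1
set "RC=%ERRORLEVEL%"

rem 0: nothing found, or everything was remediated.
rem 2: something was found and still needs attention, or the scan had an error.
if "%RC%"=="0" (
    >>"%LOG%" echo [%DATE% %TIME%] Scan clean
) else (
    >>"%LOG%" echo [%DATE% %TIME%] Scan returned %RC%, review Windows Security
)
exit /b %RC%
```

Because the script exits with the scan's own return code, a scheduled task or a calling script can alert on any non-zero result.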
Cancel running tasks
In the event that we have mistakenly executed a command and Windows Defender has started to analyze our PC, we may well panic, because without the interface open we will not be able to control the antivirus activity from it. However, there is a trick that lets us stop any manual scan that is in progress. To do this, we simply have to execute this command to stop everything that is running: