Learn how to scan for viruses, update, or troubleshoot Microsoft Security Essentials using the MpCmdRun.exe command line utility.
Nearly everything that can be done from the Microsoft Security Essentials (MSE) GUI, and more, can be done using MSE’s MpCmdRun command-line utility.
If you have the skills, you can get pretty creative and manage a network of computers using batch files.
To start the MSE command line utility:
- Open the Command prompt with elevated privileges by searching for cmd in the Start Menu’s search box.
- Right-click cmd.exe in the search results and then select Run as administrator.
- Type cd C:\Program Files\Microsoft Security Essentials and then press Enter on your keyboard.
You can now use the MpCmdRun.exe command followed by one or more switches to scan, update, fix, or collect MSE data.
Scanning For Malware
MpCmdRun.exe -Scan [-ScanType value]
- 0 Default, according to your configuration
- 1 Quick scan
- 2 Full system scan
Example usage:
Full scan: MpCmdRun.exe -Scan -ScanType 2
Updating MSE
MpCmdRun.exe -SignatureUpdate
- -SignatureUpdate Checks for new definition updates
- [-UNC] Checks for new definition updates from UNC file shares
Example usage:
Update from Microsoft: MpCmdRun.exe -SignatureUpdate
Update from network share: MpCmdRun.exe -SignatureUpdate -\\file-server\MSE-update
Tracing and Gathering
Tracing
MpCmdRun.exe -Trace [-Grouping value] [-Level value]
Trace Microsoft Antimalware’s actions. You can specify the components for which tracing is enabled and how much information is recorded. If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels will be logged.
The data will be stored in the support directory (C:\Program Files\Microsoft Security Essentials\Support) as a file having the current timestamp in its name and bearing the extension BIN.
[-Grouping]
- 0x1 Service
- 0x2 Malware Protection Engine
- 0x4 User Interface
- 0x8 Real-Time Protection
- 0x10 Scheduled actions
[-Level]
- 0x1 Errors
- 0x2 Warnings
- 0x4 Informational messages
- 0x8 Function calls
- 0x10 Verbose
- 0x20 Performance
Example usage:
Monitor real-time protection and performance: MpCmdRun.exe -Trace -Grouping 0x8 -Level 0x20
Gathering
MpCmdRun.exe -GetFiles
Gathers the following log files and packages them together in a compressed file in the support directory.
- Any trace files from Microsoft Antimalware
- The Windows Update history log
- All MsMpSvc or MsMpSvcRtp events from the System and Application event log
- All relevant Microsoft Antimalware registry locations
- The log file of this tool
- The log file of the signature update helper tool
Example usage:
Gather log files: MpCmdRun.exe -GetFiles
Troubleshooting MSE
MpCmdRun.exe -RemoveDefinitions
Rolls back to the previous set of definitions.
[-All] Removes any installed definitions and engine files. Use this option if you have difficulties trying to update definitions.
Example usage:
Roll back definitions: MpCmdRun.exe -RemoveDefinitions
Remove all definitions: MpCmdRun.exe -RemoveDefinitions -All
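The batch-file management mentioned at the top of this article, as an added example (not part of the original article): a script that refreshes definitions, runs a quick scan, and gathers the support logs when the scan exits with a non-zero code. The log path and the treatment of any non-zero exit code as a failure are assumptions of this example; the install path and switches are the ones described above.

```bat
@echo off
rem Added example: update, scan, and collect diagnostics using the
rem MpCmdRun.exe switches described in this article.
setlocal

rem Install path as given in the article; adjust if MSE lives elsewhere.
set "MSE_DIR=C:\Program Files\Microsoft Security Essentials"
rem Assumption: log location chosen for this example.
set "LOG=%TEMP%\mse-maintenance.log"

if not exist "%MSE_DIR%\MpCmdRun.exe" (
    echo MpCmdRun.exe not found in "%MSE_DIR%"
    exit /b 1
)

rem Redirection is written first so a trailing digit in the message
rem can never be parsed as a file-handle number.
>>"%LOG%" echo [%DATE% %TIME%] starting on %COMPUTERNAME%

rem 1. Refresh definitions. A failed update is logged but does not stop
rem    the scan, which then runs with the definitions already installed.
"%MSE_DIR%\MpCmdRun.exe" -SignatureUpdate >>"%LOG%" 2>&1
if errorlevel 1 (
    >>"%LOG%" echo [%DATE% %TIME%] update failed, scanning with existing definitions
)

rem 2. Quick scan (ScanType 1). Capture the exit code immediately,
rem    before any other command overwrites ERRORLEVEL.
"%MSE_DIR%\MpCmdRun.exe" -Scan -ScanType 1 >>"%LOG%" 2>&1
set "SCAN_RC=%ERRORLEVEL%"
>>"%LOG%" echo [%DATE% %TIME%] scan exit code %SCAN_RC%

rem 3. On a non-zero exit, package traces and event logs for follow-up.
if not "%SCAN_RC%"=="0" (
    "%MSE_DIR%\MpCmdRun.exe" -GetFiles >>"%LOG%" 2>&1
    >>"%LOG%" echo [%DATE% %TIME%] support files gathered in "%MSE_DIR%\Support"
)

rem Return the scan result so a scheduler or calling script can act on it.
endlocal & exit /b %SCAN_RC%
```

Run it from an elevated prompt or an elevated scheduled task; the script's exit code is the scan's exit code, so a calling job can flag machines that need attention.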
Can anybody there help me to write a program that scans, detects and deletes a file?
copy the lines between the *** into notepad:
*****
cd "C:\Program Files\Microsoft Security Essentials\"
MpCmdRun.exe -Scan -ScanType 2
pause
*****
click “File”
click “Save As”
name the file “MSSE.bat”
change the “Save As Type” to “All files”
Now all you have to do is click that batch file, wherever you saved it.
You can also make it run automatically, using the task scheduler.