Learn how to scan for viruses, update, or troubleshoot Microsoft Security Essentials using the MpCmdRun.exe command line utility.
Almost everything that can be done from the Microsoft Security Essentials (MSE) GUI, and more, can be done with MSE’s MpCmdRun command-line utility.
If you have the skills, you can get pretty creative and manage a network of computers using batch files.
To start the MSE command line utility:
- Open the Command prompt with elevated privileges by searching for cmd in the Start Menu’s search box.
- Right-click cmd.exe in the search results and then select Run as administrator.
- Type cd C:\Program Files\Microsoft Security Essentials and then press Enter on your keyboard.
You can now use the MpCmdRun.exe command followed by one or more switches to scan, update, fix, or collect MSE data.
Scanning For Malware
MpCmdRun.exe -Scan [-ScanType value]
- 0 Default, according to your configuration
- 1 Quick scan
- 2 Full system scan
MpCmdRun.exe -Scan -ScanType 2
- -SignatureUpdate Checks for new definition updates
- [-UNC] Checks for new definition updates from UNC file shares
Update from Microsoft
Update from network share
MpCmdRun.exe -SignatureUpdate -\\file-server\MSE-update
Tracing and Gathering
MpCmdRun.exe -Trace [-Grouping value] [-Level value]
Traces Microsoft Antimalware’s actions. You can specify the components for which tracing is enabled and how much information is recorded. If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels will be logged.
The data will be stored in the support directory (C:\Program Files\Microsoft Security Essentials\Support) as a file having the current timestamp in its name and bearing the extension BIN.
Grouping values:
- 0x1 Service
- 0x2 Malware Protection Engine
- 0x4 User Interface
- 0x8 Real-Time Protection
- 0x10 Scheduled actions
Level values:
- 0x1 Errors
- 0x2 Warnings
- 0x4 Informational messages
- 0x8 Function calls
- 0x10 Verbose
- 0x20 Performance
Monitor real-time protection and performance
MpCmdRun.exe -Trace -Grouping 0x8 -Level 0x20
Gathers the following log files and packages them together in a compressed file in the support directory.
- Any trace files from Microsoft Antimalware
- The Windows Update history log
- All MsMpSvc or MsMpSvcRtp events from the System and Application event log
- All relevant Microsoft Antimalware registry locations
- The log file of this tool
- The log file of the signature update helper tool
Gather log files
Troubleshooting MSE
Rolls back to the previous set of definitions.
[-All] Removes any installed definitions and engine files. Use this option if you have difficulties trying to update definitions.
Roll back definitions
Remove all definitions
MpCmdRun.exe -RemoveDefinitions -All
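The update, troubleshooting and scan commands above combined into one batch file for an elevated prompt or a scheduled task, as an added example that is not part of the original article. It assumes the default install path and that MpCmdRun.exe exits with 0 on success; the log path and the exit codes 90 to 92 are the example's own.

```batch
@echo off
rem Added example (not from the article): update definitions, reset them if the
rem update fails, then scan, logging each result.
rem Assumptions: default MSE install path; MpCmdRun.exe exits with 0 on success.
setlocal
set "MSE=%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe"
set "LOG=%TEMP%\mse-maintenance.log"

rem Scan type comes from the first argument: 0 = configured default, 1 = quick, 2 = full.
set "SCANTYPE=%~1"
if not defined SCANTYPE set "SCANTYPE=1"

if not exist "%MSE%" (
    echo MpCmdRun.exe not found at "%MSE%"
    exit /b 90
)
if not "%SCANTYPE%"=="0" if not "%SCANTYPE%"=="1" if not "%SCANTYPE%"=="2" (
    echo Scan type must be 0, 1 or 2
    exit /b 91
)

rem The redirection is written first so a trailing digit is not read as a handle number.
>>"%LOG%" echo [%DATE% %TIME%] start on %COMPUTERNAME%, scan type %SCANTYPE%

rem "&&" runs only on exit code 0, so negative error codes also count as failure.
"%MSE%" -SignatureUpdate && goto scan
>>"%LOG%" echo SignatureUpdate failed with exit code %ERRORLEVEL%, resetting definitions

rem The article's advice for update trouble: remove all definitions, then update again.
"%MSE%" -RemoveDefinitions -All
"%MSE%" -SignatureUpdate && goto scan

rem At this point the host has no definitions installed, so record it for follow-up.
>>"%LOG%" echo Update still failing after reset, exit code %ERRORLEVEL%, scan skipped
exit /b 92

:scan
"%MSE%" -Scan -ScanType %SCANTYPE%
set "RC=%ERRORLEVEL%"
>>"%LOG%" echo [%DATE% %TIME%] scan finished with exit code %RC%
exit /b %RC%
```

The script returns the scan's own exit code, so a scheduler or management tool can alert on any non-zero result.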