Home » Guides » Security »

Published on 06.23.09 by Brent Trahan

Scan For Viruses or Update Microsoft Security Essentials Using the MpCmdRun Command Line Utility

Learn how to scan for viruses, update, or troubleshoot Microsoft Security Essentials using the MpCmdRun.exe command line utility.

Pretty much everything that can be done from the Microsoft Security Essentials (MSE) GUI interface and more can be done using MSE’s MpCmdRun command line utility.

If you have the skills, you can get pretty creative and manage a network of computers using batch files.

To start the MSE command line utility:

  1. Open the Command prompt with elevated privileges by searching for cmd in the Start Menu’s search box.
  2. Right-click cmd.exe in the search results and then select Run as administrator.
  3. Type cd C:\Program Files\Microsoft Security Essentials and then press Enter on your keyboard.

You can now use the MpCmdRun.exe command followed by switche(s) to scan, update, fix, or collect MSE data.

Scanning For Malware

MpCmdRun.exe -Scan [-ScanType]

  • 0 Default, according to your configuration
  • 1 Quick scan
  • 2 Full system scan

Example usage:

Full scan: MpCmdRun.exe -Scan -2

Updating MSE

MpCmdRun.exe -SignatureUpdate

  • -SignatureUpdate Checks for new definition updates
  • [-UNC] Checks for new definition updates from UNC file shares

Example usage:

Update from Microsoft MpCmdRun.exe –SignatureUpdate

Update from network share MpCmdRun.exe –SignatureUpdate -\\file-server\MSE-update

Tracing and Gathering

Tracing

MpCmdRun.exe -Trace [-Grouping value] [-Level value]

Trace Microsoft Antimalware’s actions. You can specify the components for which tracing is enabled and how much information is recorded. If no component is specified, all the components will be logged.

If no level is specified, the Error, Warning and Informational levels will be logged.

The data will be stored in the support directory (C:\Program Files\Microsoft Security Essentials\Support) as a file having the current timestamp in its name and bearing the extension BIN.

[-Grouping]

  • 0x1 Service
  • 0x2 Malware Protection Engine
  • 0x4 User Interface
  • 0x8 Real-Time Protection
  • 0x10 Scheduled actions

[-Level]

  • 0x1 Errors
  • 0x2 Warnings
  • 0x4 Informational messages
  • 0x8 Function calls
  • 0x10 Verbose
  • 0x20 Performance

Example usage:

Monitor real-time protection and performance MpCmdRun.exe -Trace -Grouping 0x8 -Level 0x20

Gathering

MpCmdRun.exe -GetFiles

Gathers the following log files and packages them together in a compressed file in the support directory.

  • Any trace files from Microsoft Antimalware
  • The Windows Update history log
  • All MsMpSvc or MsMpSvcRtp events from the System and Application event log
  • All relevant Microsoft Antimalware registry locations
  • The log file of this tool
  • The log file of the signature update helper tool

Example usage:

Gather log files MpCmdRun.exe -GetFiles

Trouble Shooting MSE

MpCmdRun.exe -RemoveDefinitions

Rolls back to the previous set of definitions.

[-All] Removes any installed definitions and engine files. Use this option if you have difficulties trying to update definitions.

Example usage:

Roll back definitions MpCmdRun.exe -RemoveDefinitions

Remove all definitions MpCmdRun.exe -RemoveDefinitions -All

Still need help? Ask your computer question now.

Related Guides:

2 Responses to “Scan For Viruses or Update Microsoft Security Essentials Using the MpCmdRun Command Line Utility”

Subscribe to this guide's comments RSS feed.

  1. Alphonse says:

    Can anybody there help me to write a progam that scanning, detecting and delete a file?

  2. wnerq says:

    copy the lines between the *** into notepad:

    *****

    cd “C:\Program Files\Microsoft Security Essentials\”

    MpCmdRun.exe -Scan -2

    pause

    *****

    click “File”
    click “Save As”
    name the file “MSSE.bat”
    change the “Save As Type” to “All files”

    Now all you have to do is click that batch file, wherever you saved it.

    You can also make it run automatically, using the task scheduler.

Leave a Reply

Subscribe to this guide's comments RSS feed.

Microsoft Windows is a registered trademark of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with MAXIMUMpcguides.com. All other products mentioned are registered trademarks of their respective companies. MAXIMUMpcguides IS NOT RESPONSIBLE for any damage or data loss to your computer from using this web site. All information on MAXIMUMpcguides is provided on an AS IS basis with NO WARRANTIES.

Copyright 2006-2016 Brent Trahan. All rights reserved.