- MAXIMUMpcguides – Windows 7 tips, tricks, help, and how-to guides - http://maximumpcguides.com/windows-7 -

Scan For Viruses or Update Microsoft Security Essentials Using the MpCmdRun Command Line Utility

Posted By Brent Trahan On June 23, 2009 @ 10:33 am In Guides, Security | 2 Comments

Pretty much everything that can be done from the Microsoft Security Essentials (MSE) GUI, and more, can be done using MSE’s MpCmdRun command line utility.

If you have the skills, you can get pretty creative and manage a network of computers using batch files.

To start the MSE command line utility:

  1. Open the Command prompt with elevated privileges by searching for cmd in the Start Menu’s search box.
  2. Right-click cmd.exe in the search results and then select Run as administrator.
  3. Type cd C:\Program Files\Microsoft Security Essentials and then press Enter on your keyboard.

You can now use the MpCmdRun.exe command followed by one or more switches to scan, update, fix, or collect MSE data.

Scanning For Malware

MpCmdRun.exe -Scan [-ScanType value]

  • 0 Default, according to your configuration
  • 1 Quick scan
  • 2 Full system scan

Example usage:

Full scan: MpCmdRun.exe -Scan -ScanType 2

Updating MSE

MpCmdRun.exe -SignatureUpdate

  • -SignatureUpdate Checks for new definition updates
  • [-UNC] Checks for new definition updates from UNC file shares

Example usage:

Update from Microsoft: MpCmdRun.exe -SignatureUpdate

Update from network share: MpCmdRun.exe -SignatureUpdate -\\file-server\MSE-update
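
As an added example (not from the original article), the batch file below chains the update and quick scan commands described above and records each exit code, which is the piece a scheduled or remotely launched run needs in order to be checked afterwards. The log path is a hypothetical choice, the install path is the default one used in this guide, and any non-zero exit code is simply treated as needing attention.

```bat
@echo off
rem Added example: update MSE definitions, run a quick scan, and log both exit codes.
rem Assumptions: default install path from this guide; LOG location is hypothetical.
rem Run from an elevated prompt or a scheduled task with administrative rights.
setlocal
set "MSE=C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe"
set "LOG=%SystemDrive%\MSE-maintenance.log"

rem Fail loudly if MSE is missing so an unprotected machine shows up in the log.
if not exist "%MSE%" (
    >>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% MpCmdRun.exe not found
    exit /b 1
)

rem Redirection is written first on each line: "echo ... code 1>>file" would be
rem parsed as a redirect of handle 1 and silently drop the exit code from the log.
"%MSE%" -SignatureUpdate
set "UPDATE_RC=%ERRORLEVEL%"
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% SignatureUpdate exit code %UPDATE_RC%

rem Scan even if the update failed; a scan with older definitions beats no scan.
"%MSE%" -Scan -ScanType 1
set "SCAN_RC=%ERRORLEVEL%"
>>"%LOG%" echo %DATE% %TIME% %COMPUTERNAME% QuickScan exit code %SCAN_RC%

rem Return the scan result if it was non-zero, otherwise the update result,
rem so the caller (scheduler, management script) sees any failure.
if not "%SCAN_RC%"=="0" exit /b %SCAN_RC%
exit /b %UPDATE_RC%
```

A non-zero line in the log is the cue to look at that machine in the MSE interface or to collect its logs with -GetFiles.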

Tracing and Gathering

Tracing

MpCmdRun.exe -Trace [-Grouping value] [-Level value]

Trace Microsoft Antimalware’s actions. You can specify the components for which tracing is enabled and how much information is recorded. If no component is specified, all the components will be logged.

If no level is specified, the Error, Warning and Informational levels will be logged.

The data will be stored in the support directory (C:\Program Files\Microsoft Security Essentials\Support) as a file having the current timestamp in its name and bearing the extension BIN.

[-Grouping]

  • 0x1 Service
  • 0x2 Malware Protection Engine
  • 0x4 User Interface
  • 0x8 Real-Time Protection
  • 0x10 Scheduled actions

[-Level]

  • 0x1 Errors
  • 0x2 Warnings
  • 0x4 Informational messages
  • 0x8 Function calls
  • 0x10 Verbose
  • 0x20 Performance

Example usage:

Monitor real-time protection and performance: MpCmdRun.exe -Trace -Grouping 0x8 -Level 0x20

Gathering

MpCmdRun.exe -GetFiles

Gathers the following log files and packages them together in a compressed file in the support directory.

  • Any trace files from Microsoft Antimalware
  • The Windows Update history log
  • All MsMpSvc or MsMpSvcRtp events from the System and Application event log
  • All relevant Microsoft Antimalware registry locations
  • The log file of this tool
  • The log file of the signature update helper tool

Example usage:

Gather log files: MpCmdRun.exe -GetFiles

Troubleshooting MSE

MpCmdRun.exe -RemoveDefinitions

Rolls back to the previous set of definitions.

[-All] Removes any installed definitions and engine files. Use this option if you have difficulties trying to update definitions.

Example usage:

Roll back definitions: MpCmdRun.exe -RemoveDefinitions

Remove all definitions: MpCmdRun.exe -RemoveDefinitions -All



URL to article: http://maximumpcguides.com/windows-7/scan-for-viruses-or-update-microsoft-security-essentials-using-the-mpcmdrun-command-line-utility/
