The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Run Scans, Update or Purge Definitions in Windows Defender from Command Line using MpCmdRun.exe

Download Windows Speedup Tool to fix errors and make PC run faster

Windows Defender on Windows 11/10 has the ability to scan, update, or run other tasks from the command prompt. The application MpCmdRun.exe is situated in the %ProgramFiles%\Windows Defender folder respectively and is called the Microsoft Antimalware Service Command Line Utility. You can use this tool to automate and troubleshoot Microsoft Antimalware Service.

Run Microsoft Defender from Command Line using MpCmdRun.exe

run Windows Defender from the Command Line

To do so, open the command prompt as an administrator. Type the following to get the entire list of commands:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe"

Run Defender Quick scan from the command line

So for instance if you wish to run a Quick scan from the command line, you can use -Scan 1 parameter:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Run Defender Full scan from the command line

To perform a Full scan, use:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

Purge Windows Defender Definitions cache

At a command prompt (admin) enter the following command and hit Enter:

%ProgramFiles%\Windows Defender\MpCmdRun.exe -removedefinitions -all

Update Windows Defender Quick from the command line

To Update Windows Defender or to create a shortcut to update your Windows Defender  you can use the following command:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" –signatureupdate

MpCmdRun.exe

You can also create desktop shortcuts to run the following commands.

Read: You can also update Windows Defender definitions using Windows PowerShell.

MpCmdRun.exe process

Here is the entire list which I have copy-pasted from the command prompt results:

MpCmdRun.exe [command] [-options]

Command Descriptions:

  • -? / -h : Displays all available options for this tool
  • -Trace [-Grouping #] [-Level #] :  Starts diagnostic tracing
  • -RemoveDefinitions [-All] : Restores the installed signature definitions to a previous backup copy or to the original default set of signatures
  • -RestoreDefaults : Resets the registry values for Microsoft Antimalware Service settings to known good defaults
  • -SignatureUpdate [-UNC] : Checks for new definition updates
  • -Scan [-ScanType] : Scans for malicious software
  • -Restore -Name <name> [-All] : Restore the most recently or all quarantined item(s) based on name
  • -GetFiles : Collects support information
  • -Restore : Restore or list quarantined item(s)
  • -AddDynamicSignature : Loads a dynamic signature
  • -ListAllDynamicSignatures : List the loaded dynamic signatures
  • -RemoveDynamicSignature : Removes a dynamic signature.

Hope this helps you get started. For details, you may visit Microsoft.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.