Antivirus Windows CMD Command

in Security by (551k points)

1 Answer

Best answer

How to use Windows antivirus in CMD

The antivirus in Windows is managed directly from the Windows Security utility and as such integrates a wide group of functions created so that the security and privacy of both the computer and the user are protected as much as possible, thanks to various processes that run both in the foreground and in the background and to the constant updates that keep the threat database current and thus face this growing threat. But a much more comprehensive mechanism for analyzing the computer is to do all this directly from the console, thanks to the MpCmdRun command.

MpCmdRun (Microsoft Malware Protection Command Line Utility) is integrated into Windows as a command line tool, thanks to which it is possible to manage and execute tasks associated with Microsoft Defender Antivirus, which, as we have mentioned, is the way Windows adds integrated security to protect your computer from malware, viruses, spyware and other current threats.

Actions
With MpCmdRun we can perform some actions such as:

  • Configure multiple options and tasks of Microsoft Defender Antivirus, notably the scan schedule, the actions for detected threats, notifications of any scan or threat, and more.
  • Perform malware scans on the system and/or on specific drives to find and remove threats using the various scan options.
  • Diagnose and resolve problems associated with the antivirus.
  • Detect and eliminate multiple types of threats.
  • Update definitions. Malware definitions are files where information about the latest known threats is recorded; the MpCmdRun command is responsible for updating these definitions to keep up in the battle against threats.

The basic use of this utility is as follows:

 MpCmdRun.exe [command] [-options] 

Commands
The commands available to use in Windows are:

  • -Scan (-ScanType): performs the scan; the values we can use for ScanType are 0 (default), 1 (quick scan), 2 (full scan) or 3 (custom scan of files and directories)
  • -Trace: starts the diagnostic trace (tracert)
  • -CaptureNetworkTrace -Path <path>: captures the network input in the Network Protection service and then stores it in a defined file
  • -GetFiles: collects support information
  • -GetFilesDiagTrack: collects details and sends them to the DiagTrack temporary folder
  • -RemoveDefinitions [-All]: restores installed security intelligence to a previous backup or to the default set in Windows
  • -RemoveDefinitions [-DynamicSignatures]: removes only dynamically downloaded signatures
  • -RemoveDefinitions [-Engine]: restores the previously installed engine
  • -SignatureUpdate: checks for new security intelligence updates
  • -Restore [-ListAll]: restores or lists quarantined items
  • -ListAllDynamicSignatures: displays loaded dynamic security intelligence
  • -RemoveDynamicSignature: removes dynamic security intelligence
  • -ValidateMapsConnection: validates that the network can communicate with the Microsoft Defender Antivirus cloud service
  • -ResetPlatform: resets platform binaries to %ProgramFiles%\Windows Defender
  • -RevertPlatform: reverts platform binaries to a previously installed version

Now let's see how to use this utility in Windows to analyze various aspects of the system.

How to use Windows antivirus in CMD

Step 1

To start we open the File Explorer and validate in the following path that the Windows Defender folder exists:
 C:\Program Files\Windows Defender 

Step 2

We access the folder to see that the executable is available:

Step 3

Now we are going to open the Command Prompt Console as administrator:

Step 4

In the console we access the Windows Defender path using the "cd" command:

Step 5

First let's run a quick scan using type 1:
 MpCmdRun -Scan -ScanType 1 

Step 6

We wait for it to be executed and when this process ends we will be notified of the result:

Step 7

We can see the result of the executed scan:

Step 8

Now, to perform a full Windows scan, we'll run the following command using type 2:
 MpCmdRun -Scan -ScanType 2 

Step 9

If it takes too long we can cancel it with the following keys; at the end we can see the result of the scan:
 Ctrl + C

Step 10

As we said, it is possible to perform a custom scan; for this we first go to File Explorer and validate the path to be scanned:

Step 11

Now in the console we execute the following syntax:
 MpCmdRun -Scan -ScanType 3 -File "path" 

Step 12

We wait for it to finish:

Step 13

One of the most notable scans is the offline scan of the system, which is ideal since we avoid using various processes and services; to perform this scan, in the console we execute the following:
 PowerShell Start-MpWDOScan 

Step 14

By pressing Enter, the system will be rebooted:

Step 15

We wait for it to start loading the system:

Step 16

In a moment we will see that the system scan starts in offline mode:

Step 17

Then it will be possible to see the status of the scan in real time:

Step 18

There we can see the scan percentage:

Step 19

Windows will automatically restart at the end of the analysis:

Step 20

It is possible that when we log in we will see the result of this scan:

Step 21

Another of the available options is to scan the Windows boot sector, which can be compromised by malware that makes startup slow or that steals data from there; to run this scan we open the console as administrator:

Step 22

We go to the path where Windows Defender is and then execute the following command for the boot sector scan:
 MpCmdRun.exe -Scan -ScanType 3 -File "path" -BootSectorScan 

Step 23

We wait for the analysis to finish:

Step 24

If we want to list the files in quarantine, we execute the following command. In this case we have no items there.
 MpCmdRun.exe -Restore -ListAll 

Step 25

To update the signatures we execute the command:
 MpCmdRun.exe -SignatureUpdate 

Step 26

Now we can verify the status of the cloud service, for this we are going to execute the following command:
 MpCmdRun.exe -ValidateMapsConnection 

Step 27

We can see the result of the connectivity tests.
We can also collect support files; for this we first execute the following command to create the respective file:
 MpCmdRun.exe -GetFiles 

Step 28

Numerous processes will be loaded there:

Step 29

We wait for the file to be created and take note of its location:

Step 30

Now we go to the path where the file was saved; on opening it we will see the following:

Step 31

We will see the file:

Step 32

We right click on the .cab file and select "Open with - Windows Explorer":

Step 33

We will have access to the content:

Step 34

If we want to remove the definitions we will execute the following command:
MpCmdRun.exe -RemoveDefinitions -All

Step 35

To remove only the dynamic signatures we will use the command:
MpCmdRun.exe -RemoveDefinitions -DynamicSignatures

Step 36

After this it will be possible to update the signatures again with the command:
 MpCmdRun.exe -SignatureUpdate 

Step 37

In case of failures we can reset Windows Defender to its default values using the following command:
MpCmdRun.exe -ResetPlatform

Step 38

Or we can revert the platform to the previous version using the following command:
MpCmdRun.exe -RevertPlatform

This is how this utility gives us the opportunity to perform various types of scans on the system to make sure that everything is protected; this covers both the parameters of the computer and the system as well as the user's files, and it is an integral way of executing the options provided by the Windows antivirus.

by (3.5m points)
edited
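The steps in the answer above, run one by one from CMD, can be chained into a single script so that the signature update, the cloud check, the scans and the quarantine listing happen in order and each MpCmdRun exit code is checked. The following PowerShell script is an added example written for this page; it is not part of the original answer or of Microsoft's own documentation. It assumes the default install path (C:\Program Files\Windows Defender\MpCmdRun.exe) shown in step 1, it uses the user's Downloads folder as an example target for the custom scan (any folder works), and the exit-code meanings it relies on (0 = nothing found, 2 = threat detected) are an assumption that should be confirmed on the build in use before the script is trusted in automation.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answer): the MpCmdRun.exe workflow from the
# steps above as one script with exit-code handling. Assumptions are marked below.

# Default install path from step 1 of the answer; fail early if the binary is absent.
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $MpCmdRun)) {
    throw "MpCmdRun.exe not found at $MpCmdRun"
}

# Run MpCmdRun.exe with the given arguments, echo its output and return the exit code.
function Invoke-MpCmdRun {
    param([Parameter(Mandatory)][string[]]$Arguments)
    Write-Host "`n>> MpCmdRun.exe $($Arguments -join ' ')"
    $output = & $MpCmdRun @Arguments 2>&1
    $code = $LASTEXITCODE
    $output | ForEach-Object { Write-Host "   $_" }
    return $code
}

# 1. Cloud (MAPS) connectivity check and signature refresh first (steps 26 and 25),
#    so the scans that follow run with current definitions.
if ((Invoke-MpCmdRun '-ValidateMapsConnection') -ne 0) {
    Write-Warning 'MAPS validation failed; the scan will rely on local definitions only.'
}
if ((Invoke-MpCmdRun '-SignatureUpdate') -ne 0) {
    Write-Warning 'Signature update failed; definitions may be stale.'
}

# 2. Quick scan (ScanType 1, step 5) followed by a custom scan of one folder
#    (ScanType 3 with -File, step 11).
#    ASSUMPTION: MpCmdRun.exe exits 0 when no threat is found and 2 when a threat
#    is detected; any other code is treated as a scan error. Confirm on your build.
$scanTarget = Join-Path $env:USERPROFILE 'Downloads'   # example target, not from the answer
$scans = @(
    @{ Name = 'Quick scan';  Args = @('-Scan', '-ScanType', '1') },
    @{ Name = 'Custom scan'; Args = @('-Scan', '-ScanType', '3', '-File', $scanTarget) }
)
$threatFound = $false
foreach ($s in $scans) {
    switch (Invoke-MpCmdRun $s.Args) {
        0       { Write-Host "$($s.Name): no threats found." }
        2       { Write-Warning "$($s.Name): threats detected."; $threatFound = $true }
        default { Write-Error "$($s.Name): MpCmdRun returned exit code $_" }
    }
}

# 3. Quarantine listing (step 24) so any detection from the scans is visible here,
#    plus the support bundle (-GetFiles, step 27) when something was found, for review.
Invoke-MpCmdRun @('-Restore', '-ListAll') | Out-Null
if ($threatFound) {
    Invoke-MpCmdRun '-GetFiles' | Out-Null
}
```

The order matters for the defender: updating signatures and confirming cloud connectivity before scanning means a clean result actually reflects current definitions, and checking `$LASTEXITCODE` after every call is what turns the interactive steps into something a scheduled task can act on.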