Knowing how to run Windows Defender from the command line can be very useful. Perhaps you’ve been locked out of its UI due to malware, are trying to run a scan from recovery media, or are using a GUI-less Windows Server install. In any of these situations, knowing a scan command or two can save you a lot of trouble.

Though Microsoft Defender is easier to control from the Windows Security app, command-line antivirus is also quite simple and presents many of the same options. Importantly, it also allows you to automate your anti-malware tasks if you wish. You could create a script to automatically perform a quick scan at a certain time, for example, or to perform the same scans across multiple PCs.

In this tutorial, we’ll be showing how to update Windows Defender with CMD, as well as how to perform a quick, full, or custom scan. By the end of it, you should have a good idea of how command-line antivirus works.

Advertisement

How to Check for Updates for Windows Defender in the Command Line

One task that admins are particularly eager to automate is updates. Knowing how to update Microsoft Defender from the command line will allow you to build it into an automatic update script so you never forget.

  1. Open Command Prompt

    Press Start and then type “Command Prompt”. With the application selected, click “Run as administrator” in the sidebar.

  2. Open and update the command line antivirus

    To open the location of the command line anti-virus in CMD, paste the following:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Now you can run a Windows Defender command-line update by typing:

    MpCmdRun -SignatureUpdate

    The tool will check for the most recent update and download and install it automatically if one is available.

  3. How to remove previously installed Microsoft Defender updates

    So you know how to install updates, but what if you downloaded a faulty one? You can uninstall the most recent definitions with CMD.

    First, open CMD by typing “Command Prompt” in your Start menu and then clicking “Run as administrator” on the right-hand side.

  4. Navigate to the Windows Defender folder and run the remove command

    In your CMD window, type the following to navigate to your Windows Defender folder.

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Then, run the following command to uninstall the most recent definitions:

    MpCmdRun -RemoveDefinitions -All

    The -All option restores previous definitions from the default set of signatures.

  5. Rollback the engine version

    To roll back the engine version, type the following and press Enter:

    MpCmdRun -RemoveDefinitions -Engine

  6. Remove dynamic signature updates

    You can uninstall only dynamic signatures by typing the following command and pressing Enter:

    MpCmdRun -RemoveDefinitions -DynamicSignatures

How to Perform a Quick Virus Scan with he CMD Scan Command

In most cases, you should run a quick scan before any other type. This will cause Windows Defender to scan the most commonly infected files so you can quickly take action. You can use Windows Defender in the Command line to start one in less than a minute.

  1. Open Command Prompt

    Press the Start button and type “Command Prompt”, then click “Run as administrator” on the right-hand side.

  2. Navigate to the Windows Defender folder and run the quick scan command

    First, we need to navigate to the folder where Windows Defender is installed.

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Now we’re ready to run the CMD quick scan command:

    MpCmdRun -Scan -ScanType 1

    The scan will begin, stopping itself automatically if it takes longer than a day.

How to Perform a Full Virus Scan via Microsoft Defender CMD Command

So, your quick scan found some issues or found no issues, but you’re still seeing virus symptoms. The full scan will check every file on your PC for malware. Here’s how you can run it with a CMD scan command:

  1. Open Command Prompt

    Press Start and then type “Command Prompt”. With the application selected, click “Run as administrator” in the sidebar.

  2. Open the Windows Defender folder and run the full CMD scan command

    Before we can run our CMD scan, we need to navigate to the folder our anti-virus tool lives in:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Now we can run our full command-line anti-virus scan:

    MpCmdRun -Scan -ScanType 2

    If you followed the quick scan section, you’ll notice that this command is identical, except the scan type has been changed from 1 to 2.

    The scan will start and will take a very long time. The more files you have on your PC, the longer it will take.

How to Perform a Custom Command line AntiVirus Scan

If you just want to tell if a file you just downloaded is safe, you can perform a custom CMD scan by pointing it to a specific folder or file.

  1. Open Command Prompt

    Press the Start button, type Command Prompt, then click “Run as administrator” on the right-hand side with it selected.

  2. Run the custom malware scan

    In your CMD window, type the following to navigate to your Windows Defender folder.

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Now run the following command, switching C:/file/or/folder/path with the path to your file or folder.

    MpCmdRun -Scan -ScanType 3 -File C:\file\or\folder\path

    The scan will start, and shouldn’t take too long if there are only a few files.

  3. Optional: Run the custom scan command with a timeout option

    You can also define a timeout period for your scan in case it takes too long. Simply navigate to your Defender folder with cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* and run the following command:

    MpCmdRun -Scan -ScanType 3 -File C:\your\folder\or\file\path -Timeout 1

    Remember to switch the file path for the folder of your choice and that the timeout number represents days, not hours.

How to Perform a Boot Sector Malware Scan with the Windows Defender Command Line Tool

If you have a particularly nasty virus, it may have attacked your boot sector – the part of your PC that stores instructions that inform the startup process. Because such modifications can make it difficult to boot into your OS and cause other unwanted behavior, this can be hard to fix.

Thankfully, Windows Defender has a specific tool to find and resolve these issues – the boot sector scan. Even better, you can run it from the command line if you can’t access your normal OS. Here’s how:

  1. Open Command Prompt

    Press Start and type “Command Prompt”, then click “Run as administrator” in the right-hand panel of the Start menu.

  2. Run a boot sector CMD scan

    First, navigate to the Windows Defender folder with:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Then, run the following command:

    MpCmdRun -Scan -ScanType -BootSectorScan

    The command line anti-virus tool will then scan your boot sector for any malicious code and remove it if it can.

How to Restore Quarantined Items via a Windows Defender CMD Command

Last but not least, the Windows Defender Command-line tool lets you list and restore items that have been automatically quarantined. This can be useful if you’re sure a safe item has been removed.

  1. Open Command Prompt

    Press Start, then type Command Prompt. With the tool selected, press “Run as administrator” on the right-hand side.

  2. Restore quarantined items

    Navigate to the Microsoft Defender folder with the following command:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

    Now you can run the following command to view your quarantined items:

    MpCmdRun -Restore -ListAll

    Reference the list and type the following to restore a specific quarantined item:

    MpCmdRun -Restore -Name ITEM-NAME

    Alternatively, restore a file to a specific path with:

    MpCmdRun -Restore -Name ITEM-NAME -FilePath PATH\TO\RESTORE

    Your items will be returned to their original or specified location.

    With that, you should have all the tools you need to perform command line antivirus activities. However, to get the most out of Windows Defender, you may want to learn how to perform a scheduled scan or turn on the hidden adware scanner.

Advertisement