Command Line Utility for Microsoft Security Essentials
Microsoft Security Essentials has the ability to scan, update or run other tasks from the command prompt. The application MpCmdRun.exe is situated in the %ProgramFiles%\Microsoft Security Essentials folder and is called as the Microsoft Antimalware Service Command Line Utility.
You can use this tool to automate and troubleshoot Microsoft Antimalware Service.
To do so, open command prompts as an administrator.
Type “%Program Files%\Microsoft Security Essentials\MpCmdRun.exe” -? / -h -options to get the entire list of commands.
So for instance if you wish to do a quick scan from the command line, you can use -Scan 1 parameter.
If you wish to create a shortcut to update your MSE you can use the following command:
“%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe” –signatureupdate
Here is the entire list which I have simply copy-pasted from the command prompt results:
Usage: MpCmdRun.exe [command] [-options]
Command Descriptions:
-? / -h : Displays all available options for this tool
-Trace [-Grouping #] [-Level #] : Starts diagnostic tracing
-RemoveDefinitions [-All] : Restores the installed signature definitions to a previous backup copy or to the original default set of signatures
-RestoreDefaults : Resets the registry values for Microsoft Antimalware Service settings to known good defaults
-SignatureUpdate [-UNC] : Checks for new definition updates
-Scan [-ScanType] : Scans for malicious software
-Restore -Name <name> [-All] : Restore the most recently or all quarantined item(s) based on name
-GetFiles : Collects support information
Additional Information:
Support information will be in the following directory: C:\ProgramData\Microsoft\Microsoft Antimalware\Support
-Scan [-ScanType]
0 Default, according to your configuration
1 Quick scan
2 Full system scan
-Trace [-Grouping value] [-Level value]
Begins tracing Microsoft Antimalware Service’s actions.
You can specify the components for which tracing is enabled and
how much information is recorded.
If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels
will be logged. The data will be stored in the support directory
as a file having the current timestamp in its name and bearing
the extension BIN.
[-Grouping]
0×1 Service
0×2 Malware Protection Engine
0×4 User Interface
0×8 Real-Time Protection
0×10 Scheduled actions
[-Level]
0×1 Errors
0×2 Warnings
0×4 Informational messages
0×8 Function calls
0×10 Verbose
0×20 Performance
-GetFiles
Gathers the following log files and packages them together in a
compressed file in the support directory
- Any trace files from Microsoft Antimalware Service
- The Windows Update history log
- All Microsoft Antimalware Service events from the System event log
- All relevant Microsoft Antimalware Service registry locations
- The log file of this tool
- The log file of the signature update helper tool
-RemoveDefinitions
Restores the last set of signature definitions
[-All]
Removes any installed signature and engine files. Use this
option if you have difficulties trying to update signatures.
[-DynamicSignatures]
Removes all Dynamic Signatures.
-RestoreDefaults
Resets all configuration options to their default values; this is the
equivalent of running Microsoft Antimalware Service setup
unattended.
-SignatureUpdate
Checks for new definition updates
[-UNC]
Performs update directly from UNC file shares
-Restore -Name <name>
Restores the most recently quarantined item based on name
[-All]
Restores all the quarantined items based on name
-AddDynamicSignature -Path <path>
Adds a Dynamic Signature specified by <path>
-RemoveDynamicSignature -Name <name>
Removes a Dynamic Signature specified by <name>
Related posts:
Recent posts:
Popular posts:
Comments are closed.