Microsoft Security Essentials has the ability to scan, update or run other tasks from the command prompt. The application MpCmdRun.exe is situated in the %ProgramFiles%\Microsoft Security Essentials folder and is called as the Microsoft Antimalware Service Command Line Utility.
You can use this tool to automate and troubleshoot Microsoft Antimalware Service.
To do so, open command prompt as an administrator.
Type “%Program Files%\Microsoft Security Essentials\MpCmdRun.exe” -? / -h -options to get the entire list of commands.
So for instance if you wish to do a quick scan from the command line, you can use -Scan 1 parameter.
If you wish to create a shortcut to update your MSE you can use the following command:
“%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe” –signatureupdate
Here is the entire list which I have simply copy-pasted from the command prompt results:
Usage: MpCmdRun.exe [command] [-options]
-? / -h : Displays all available options for this tool
-Trace [-Grouping #] [-Level #] : Starts diagnostic tracing
-RemoveDefinitions [-All] : Restores the installed signature definitions to a previous backup copy or to the original default set of signatures
-RestoreDefaults : Resets the registry values for Microsoft Antimalware Service settings to known good defaults
-SignatureUpdate [-UNC] : Checks for new definition updates
-Scan [-ScanType] : Scans for malicious software
-Restore -Name <name> [-All] : Restore the most recently or all quarantined item(s) based on name
-GetFiles : Collects support information
Support information will be in the following directory: C:\ProgramData\Microsoft\Microsoft Antimalware\Support
0 Default, according to your configuration
1 Quick scan
2 Full system scan
-Trace [-Grouping value] [-Level value]
Begins tracing Microsoft Antimalware Service’s actions.
You can specify the components for which tracing is enabled and
how much information is recorded.
If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels
will be logged. The data will be stored in the support directory
as a file having the current timestamp in its name and bearing
the extension BIN.
0x2 Malware Protection Engine
0x4 User Interface
0x8 Real-Time Protection
0x10 Scheduled actions
0x4 Informational messages
0x8 Function calls
Gathers the following log files and packages them together in a
compressed file in the support directory
– Any trace files from Microsoft Antimalware Service
– The Windows Update history log
– All Microsoft Antimalware Service events from the System event log
– All relevant Microsoft Antimalware Service registry locations
– The log file of this tool
– The log file of the signature update helper tool
Restores the last set of signature definitions
Removes any installed signature and engine files. Use this
option if you have difficulties trying to update signatures.
Removes all Dynamic Signatures.
Resets all configuration options to their default values; this is the
equivalent of running Microsoft Antimalware Service setup
Checks for new definition updates
Performs update directly from UNC file shares
-Restore -Name <name>
Restores the most recently quarantined item based on name
Restores all the quarantined items based on name
-AddDynamicSignature -Path <path>
Adds a Dynamic Signature specified by <path>
-RemoveDynamicSignature -Name <name>
Removes a Dynamic Signature specified by <name>