Command Line Utility for Microsoft Security Essentials

Microsoft Security Essentials has the ability to scan, update or run other tasks from the command prompt. The application MpCmdRun.exe is situated in the %ProgramFiles%\Microsoft Security Essentials folder and is called as the Microsoft Antimalware Service Command Line Utility.

You can use this tool to automate and troubleshoot Microsoft Antimalware Service.

To do so, open command prompt as an administrator.

Type “%Program Files%\Microsoft Security Essentials\MpCmdRun.exe” -? / -h -options to get the entire list of commands.

mse cmd

So for instance if you wish to do a quick scan from the command line, you can use -Scan 1 parameter.

If you wish to create a shortcut to update your MSE you can use the following command:

“%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe” –signatureupdate

Here is the entire list which I have simply copy-pasted from the command prompt results:

Usage: MpCmdRun.exe [command] [-options]

Command Descriptions:

-? / -h : Displays all available options for this tool
-Trace [-Grouping #] [-Level #] :  Starts diagnostic tracing
-RemoveDefinitions [-All] : Restores the installed signature definitions to a previous backup copy or to the original default set of signatures
-RestoreDefaults : Resets the registry values for Microsoft Antimalware Service settings to known good defaults
-SignatureUpdate [-UNC] : Checks for new definition updates
-Scan [-ScanType] : Scans for malicious software
-Restore -Name <name> [-All] : Restore the most recently or all quarantined item(s) based on name
-GetFiles : Collects support information

Additional Information:

Support information will be in the following directory: C:\ProgramData\Microsoft\Microsoft Antimalware\Support

-Scan [-ScanType]
0  Default, according to your configuration
1  Quick scan
2  Full system scan

-Trace [-Grouping value] [-Level value]
Begins tracing Microsoft Antimalware Service’s actions.
You can specify the components for which tracing is enabled and
how much information is recorded.
If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels
will be logged. The data will be stored in the support directory
as a file having the current timestamp in its name and bearing
the extension BIN.

0x1    Service
0x2    Malware Protection Engine
0x4    User Interface
0x8    Real-Time Protection
0x10   Scheduled actions

0x1    Errors
0x2    Warnings
0x4    Informational messages
0x8    Function calls
0x10   Verbose
0x20   Performance

Gathers the following log files and packages them together in a
compressed file in the support directory

– Any trace files from Microsoft Antimalware Service
– The Windows Update history log
– All Microsoft Antimalware Service events from the System event log
– All relevant Microsoft Antimalware Service registry locations
– The log file of this tool
– The log file of the signature update helper tool

Restores the last set of signature definitions

Removes any installed signature and engine files. Use this
option if you have difficulties trying to update signatures.

Removes all Dynamic Signatures.

Resets all configuration options to their default values; this is the
equivalent of running Microsoft Antimalware Service setup

Checks for new definition updates

Performs update directly from UNC file shares

-Restore -Name <name>
Restores the most recently quarantined item based on name

Restores all the quarantined items based on name

-AddDynamicSignature -Path <path>
Adds a Dynamic Signature specified by <path>

-RemoveDynamicSignature -Name <name>
Removes a Dynamic Signature specified by <name>

Posted by on , in Category Windows with Tags
Anand Khanse aka HappyAndyK is an end-user Windows enthusiast, a Microsoft MVP in Windows, since 2006, and the Admin of Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Comments are closed.