1 How to Check for Updates for Windows Defender in the Command Line2 How to Perform a Quick Virus Scan with he CMD Scan Command3 How to Perform a Full Virus Scan via Microsoft Defender CMD Command4 How to Perform a Custom Command line AntiVirus Scan5 How to Perform a Boot Sector Malware Scan with the Windows Defender Command Line Tool6 How to Restore Quarantined Items via a Windows Defender CMD Command
Though Microsoft Defender is easier to control from the Windows Security app, command-line antivirus is also quite simple and presents many of the same options. Importantly, it also allows you to automate your anti-malware tasks if you wish. You could create a script to automatically perform a quick scan at a certain time, for example, or to perform the same scans across multiple PCs. In this tutorial, we’ll be showing how to update Windows Defender with CMD, as well as how to perform a quick, full, or custom scan. By the end of it, you should have a good idea of how command-line antivirus works.
How to Check for Updates for Windows Defender in the Command Line
How to Perform a Quick Virus Scan with he CMD Scan Command
How to Perform a Full Virus Scan via Microsoft Defender CMD Command
How to Perform a Custom Command line AntiVirus Scan
How to Perform a Boot Sector Malware Scan with the Windows Defender Command Line Tool
How to Restore Quarantined Items via a Windows Defender CMD Command
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Now you can run a Windows Defender command-line update by typing: MpCmdRun -SignatureUpdate The tool will check for the most recent update and download and install it automatically if one is available.
First, open CMD by typing “Command Prompt” in your Start menu and then clicking “Run as administrator” on the right-hand side.
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Then, run the following command to uninstall the most recent definitions: MpCmdRun -RemoveDefinitions -All The -All option restores previous definitions from the default set of signatures.
MpCmdRun -RemoveDefinitions -Engine
MpCmdRun -RemoveDefinitions -DynamicSignatures
First, we need to navigate to the folder where Windows Defender is installed. cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Now we’re ready to run the CMD quick scan command: MpCmdRun -Scan -ScanType 1 The scan will begin, stopping itself automatically if it takes longer than a day.
Press Start and then type “Command Prompt”. With the application selected, click “Run as administrator” in the sidebar.
Before we can run our CMD scan, we need to navigate to the folder our anti-virus tool lives in: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Now we can run our full command-line anti-virus scan: MpCmdRun -Scan -ScanType 2 If you followed the quick scan section, you’ll notice that this command is identical, except the scan type has been changed from 1 to 2. The scan will start and will take a very long time. The more files you have on your PC, the longer it will take.
Press the Start button, type Command Prompt, then click “Run as administrator” on the right-hand side with it selected.
In your CMD window, type the following to navigate to your Windows Defender folder. cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Now run the following command, switching C:/file/or/folder/path with the path to your file or folder. MpCmdRun -Scan -ScanType 3 -File C:\file\or\folder\path The scan will start, and shouldn’t take too long if there are only a few files.
You can also define a timeout period for your scan in case it takes too long. Simply navigate to your Defender folder with cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* and run the following command: MpCmdRun -Scan -ScanType 3 -File C:\your\folder\or\file\path -Timeout 1 Remember to switch the file path for the folder of your choice and that the timeout number represents days, not hours.
Thankfully, Windows Defender has a specific tool to find and resolve these issues – the boot sector scan. Even better, you can run it from the command line if you can’t access your normal OS. Here’s how: Press Start and type “Command Prompt”, then click “Run as administrator” in the right-hand panel of the Start menu.
First, navigate to the Windows Defender folder with: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Then, run the following command: MpCmdRun -Scan -ScanType -BootSectorScan The command line anti-virus tool will then scan your boot sector for any malicious code and remove it if it can.
Press Start, then type Command Prompt. With the tool selected, press “Run as administrator” on the right-hand side.
Navigate to the Microsoft Defender folder with the following command: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18* Now you can run the following command to view your quarantined items: MpCmdRun -Restore -ListAll Reference the list and type the following to restore a specific quarantined item: MpCmdRun -Restore -Name ITEM-NAME Alternatively, restore a file to a specific path with: MpCmdRun -Restore -Name ITEM-NAME -FilePath PATH\TO\RESTORE Your items will be returned to their original or specified location.
With that, you should have all the tools you need to perform command line antivirus activities. However, to get the most out of Windows Defender, you may want to learn how to perform a scheduled scan or turn on the hidden adware scanner.