Skip to main content

How to use Microsoft Defender Antivirus with Command Prompt on Windows 10

Microsoft Defender Antivirus on Command Prompt
Microsoft Defender Antivirus on Command Prompt (Image credit: Windows Central )

On Windows 10, Microsoft Defender Antivirus provides advanced real-time protection to protect your device and files against viruses, ransomware, spyware, rootkits, and other forms of malware, including hackers.

Although you can easily control the feature using the Windows Security app, you can also handle various aspects of the antivirus (updates, scans, and quarantined items) through Command Prompt. Usually, managing the experience with commands can be useful in many situations. For instance, when you need to use a script to automate some of the anti-malware tasks. You want to set a specific schedule to download updates or perform a quick, full, or custom scan. Or when you need to complete particular tasks on multiple computers.

In this Windows 10 guide, we will walk you through the steps to manage Microsoft Defender Antivirus with Command Prompt.

How to check for updates on Microsoft Defender

To check and download updates for Microsoft Defender, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to check and update Microsoft Defender Antivirus and press Enter:MpCmdRun -SignatureUpdate

Source: Windows Central (Image credit: Source: Windows Central)

Once you complete the steps, the tool will check and download any update available for the built-in antivirus.

Uninstall definitions updates

You can also remove previously installed updates with these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to remove the most recent definitions and press Enter:MpCmdRun -RemoveDefinitions -AllThe -All option restores the previous definitions from the backup or original default set of signatures.
  5. Type the following command to rollback the engine version and press Enter:MpCmdRun -RemoveDefinitions -EngineThe -Engine option rolls back to the previous version of the antivirus engine.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Type the following command to remove dynamic signature updates and press Enter:MpCmdRun -RemoveDefinitions -DynamicSignaturesThe -DynamicSignatures option uninstalls only the dynamic signatures.

After you complete the steps, the definitions will be removed from your computer according to your configuration.

How to perform quick virus scan with Microsoft Defender

To perform a quick Microsoft Defender scan, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to perform a quick antivirus scan and press Enter:MpCmdRun -Scan -ScanType 1Quick tip: You can also replace 1 with the 0 option in the command to start a default scan according to your configuration.

Source: Windows Central (Image credit: Source: Windows Central)

Once you complete the steps, the scan will begin, but it takes more than one day, the process will stop automatically.

How to perform full virus scan with Microsoft Defender

To perform a full Microsoft Defender scan with Command Prompt, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to perform a full antivirus scan and press Enter:MpCmdRun -Scan -ScanType 2

Source: Windows Central (Image credit: Source: Windows Central)

After you complete the steps, the antivirus will perform a full malware scan on your device. Depending on the amount of data, this process can take a very long time.

How to perform custom virus scan with Microsoft Defender

To customize a malware scan using Command Prompt, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to perform a custom antivirus scan and press Enter:MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILESIn the command, make sure to specify the path to the folder you want to scan.For example, this command scans the "Downloads" folder:MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Downloads

Source: Windows Central (Image credit: Source: Windows Central)
  1. (Optional) Type the following command to perform a custom scan with timeout time and press Enter:MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES -Timeout 1In the command, make sure to specify the path to the folder you want to scan.For example, this command scans the "Downloads" folder and sets the timeout to one day:MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Downloads -Timeout 1Quick note: You can always change the number for the timeout option to specify another number of days. The option is also available for quick and full scan commands.

Once you complete the steps, the anti-malware solution will only scan the location you specified. If you are using the "-Timeout" option, then if the scan is taking a long time, it will timeout once the time you specified has been reached.

How to perform boot sector malware scan on Microsoft Defender

On Windows 10, the boot sector is an essential section in the installation drive that stores the instructions on how to start the boot process. Sometimes, viruses can also attack the boot sector causing unwanted behaviors, which can be challenging to troubleshoot and fix. However, Microsoft Defender Antivirus includes an option to check and remove malicious code that may be residing in the boot sector.

To scan the boot sector for malware with Microsoft Defender, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to perform a custom antivirus scan and press Enter:MpCmdRun -Scan -ScanType -BootSectorScan

Source: Windows Central (Image credit: Source: Windows Central)

After you complete the steps, Microsoft Defender Antivirus will scan the boot sector for any malicious code that may be affecting the device.

How to restore quarantined items on Microsoft Defender

The Microsoft Defender Antivirus command-line tool also includes an option to view a list of quarantined items and another option to restore items that might have been detected as malicious when they are not harmful.

To view and restore quarantined items with Command Prompt, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
  4. Type the following command to view quarantined items and press Enter:MpCmdRun -Restore -ListAll

Source: Windows Central (Image credit: Source: Windows Central)
  1. Type the following command to restore all quarantined item and press Enter:MpCmdRun -Restore -All
  2. Type the following command to restore a specific quarantined item and press Enter:MpCmdRun -Restore -Name ITEM-NAMEIn the command, replace the "ITEM-NAME" for the name of the quarantined item you want to restore.
  3. Type the following command to restore a specific quarantined item to a specific path and press Enter:MpCmdRun -Restore -Name ITEM-NAME -FilePath PATH\TO\RESTOREDIn the command, make sure to specify the path to restore the item.For example, this command restores a specific item to the Documents folder:MpCmdRun -Restore -Name app.exe -FilePath C:\Users\username\Downloads

Once you complete the steps, the items will be restored in the original or alternate location, depending on the command.

This guide focuses on the more important commands you can use with Command Prompt, but the tool includes additional options, which you can view running the

MpCmdRun

command.

While you can manage a number of functions through Command Prompt, the tool is quite limited. For example, you cannot start an offline scan or change preferences. If you want to manage settings and control virtually every aspect of Microsoft Defender Antivirus with commands, you should be using the PowerShell modules instead.

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

28 Comments
  • Cool. But what is the use?
  • Just another way to use the antivirus, plus you can automate tasks using the Task Scheduler, creating shortcuts, and more. Thanks,
  • Is it also possible to use PowerShell?
  • With command line utilities, you can schedule custom activities. Also, if you are running on a Windows server where the GUI is not present / removed, you could use commands like these to run / control the utility. Further to this, you could also use the commands to add them to a script of some kind (such as a configuration script).
  • Why is it that Windows central always seems to be provoking us by showing stupid chrome on their desktop, for no reason, when doing articles? Mauro Huculak go f..... Yourself along with Scroogle and their chrome browser.
  • 1.) Tech enthusiast Mauro Huculak was 2 times awarded as Microsoft MVP .
    2.) Google Chrome is an Advertising partner of WindowsCentral . And WengWeng_21 ?? seems to be the "f... troll of the day" !
  • How can a Windows fan on Windows central be a troll? Go get a life Google lover.
  • It just sick me to see Microsoft and those who claim to support Windows advertising for Google and apple. I have never seen Google or apple supporting Microsoft in their own platform. Look how Google have publish a bug in Windows that could jeopardize the users without giving Microsoft enough time to patch it, yet Windows central still promotes their product :(
  • You'll get more information about WindowsCentral on this page : https://www.mobilenations.com
  • Home to the most loyal and passionate Microsoft fans, Windows Central is the next-generation destination for news, advice and buying recommendations on the Windows ecosystem, products, and accessories.
    That's what I saw and literally read through the whole page. Clearly Windows central is for the fans so no need to advertise Google products. No where did it say anything about Google partnering with Windows central.
  • someone has to pay their bills, you know ...
  • If it is like other Windows functions, you can do more powerful functions through command line interface.
  • In case anyone is interested, you can also run / configure Defender through PowerShell: https://technet.microsoft.com/en-us/library/dn433280.aspx
  • I LOVE CMD
  • A timely article since the last few Insider OS builds won't complete with a 3rd party AV installed. Have to use WD in the interim.
  • I've been using Windows Defender exclusively on my Surface Pro 4 and don't have any issues.
    .
    I would say it is as good as Avast! and AVG.
  • Windows + I is keyboard shortcut for Settings and not for power user menu. It is Windows + X
  • This is correct. It appears to be wrong in the article.
  • CMD will never die.
  • CMD is just a legacy application in Windows 10. Microsoft would rather want you to use PowerShell or Bash
  • Great. WD is the only antivirus I use. Never needed another.
  • same
  • very useful
  • Hi, Mauro! Tell me how to turn off Windows Defender permanently, because I already have a fourth time BSOD when installing build 14959. I suppose that because of Windows Defender, which automatically turns on when the PC is rebooted in time of installation.
  • Not recommended, but here you go: http://www.windowscentral.com/how-permanently-disable-windows-defender-windows-10 Thanks,
  • Thx, I try 5th time...
  • Since you consider yourself so smart ghat you knew the culprit of bsod by "assumption". Figure it out yourself.
  • These directions are wrong. To silently run a full scan from command prompt its actually "\Windows Defender\MpCmdRun.exe" -Scan 3 Adding ScanType throws an error