Microsoft Defender Antivirus on Command PromptSource: Windows Central

On Windows 10, Microsoft Defender Antivirus provides advanced real-time protection to protect your device and files against viruses, ransomware, spyware, rootkits, and other forms of malware, including hackers.

Although you can easily control the feature using the Windows Security app, you can also handle various aspects of the antivirus (updates, scans, and quarantined items) through Command Prompt. Usually, managing the experience with commands can be useful in many situations. For instance, when you need to use a script to automate some of the anti-malware tasks. You want to set a specific schedule to download updates or perform a quick, full, or custom scan. Or when you need to complete particular tasks on multiple computers.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

In this Windows 10 guide, we will walk you through the steps to manage Microsoft Defender Antivirus with Command Prompt.

How to check for updates on Microsoft Defender

To check and download updates for Microsoft Defender, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to check and update Microsoft Defender Antivirus and press Enter:

    MpCmdRun -SignatureUpdate

    Microsoft Defender update commandSource: Windows Central

Once you complete the steps, the tool will check and download any update available for the built-in antivirus.

Uninstall definitions updates

You can also remove previously installed updates with these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to remove the most recent definitions and press Enter:

    MpCmdRun -RemoveDefinitions -All

    The -All option restores the previous definitions from the backup or original default set of signatures.

  5. Type the following command to rollback the engine version and press Enter:

    MpCmdRun -RemoveDefinitions -Engine

    Microsoft Defender remove definitionsSource: Windows Central

    The -Engine option rolls back to the previous version of the antivirus engine.

  6. Type the following command to remove dynamic signature updates and press Enter:

    MpCmdRun -RemoveDefinitions -DynamicSignatures

    The -DynamicSignatures option uninstalls only the dynamic signatures.

After you complete the steps, the definitions will be removed from your computer according to your configuration.

How to perform quick virus scan with Microsoft Defender

To perform a quick Microsoft Defender scan, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to perform a quick antivirus scan and press Enter:

    MpCmdRun -Scan -ScanType 1

    Microsoft Defender quick scan commandSource: Windows Central

    Quick tip: You can also replace 1 with the 0 option in the command to start a default scan according to your configuration.

Once you complete the steps, the scan will begin, but it takes more than one day, the process will stop automatically.

How to perform full virus scan with Microsoft Defender

To perform a full Microsoft Defender scan with Command Prompt, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to perform a full antivirus scan and press Enter:

    MpCmdRun -Scan -ScanType 2

    Microsoft Defender full scan commandSource: Windows Central

After you complete the steps, the antivirus will perform a full malware scan on your device. Depending on the amount of data, this process can take a very long time.

How to perform custom virus scan with Microsoft Defender

To customize a malware scan using Command Prompt, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to perform a custom antivirus scan and press Enter:

    MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES

    In the command, make sure to specify the path to the folder you want to scan.

    For example, this command scans the "Downloads" folder:

    MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Downloads

    Microsoft Defender custom scanSource: Windows Central

  5. (Optional) Type the following command to perform a custom scan with timeout time and press Enter:

    MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES -Timeout 1

    In the command, make sure to specify the path to the folder you want to scan.

    For example, this command scans the "Downloads" folder and sets the timeout to one day:

    MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Downloads -Timeout 1

    Quick note: You can always change the number for the timeout option to specify another number of days. The option is also available for quick and full scan commands.

Once you complete the steps, the anti-malware solution will only scan the location you specified. If you are using the "-Timeout" option, then if the scan is taking a long time, it will timeout once the time you specified has been reached.

How to perform boot sector malware scan on Microsoft Defender

On Windows 10, the boot sector is an essential section in the installation drive that stores the instructions on how to start the boot process. Sometimes, viruses can also attack the boot sector causing unwanted behaviors, which can be challenging to troubleshoot and fix. However, Microsoft Defender Antivirus includes an option to check and remove malicious code that may be residing in the boot sector.

To scan the boot sector for malware with Microsoft Defender, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to perform a custom antivirus scan and press Enter:

    MpCmdRun -Scan -ScanType -BootSectorScan

    Microsoft Defender boot sector scanSource: Windows Central

After you complete the steps, Microsoft Defender Antivirus will scan the boot sector for any malicious code that may be affecting the device.

How to restore quarantined items on Microsoft Defender

The Microsoft Defender Antivirus command-line tool also includes an option to view a list of quarantined items and another option to restore items that might have been detected as malicious when they are not harmful.

To view and restore quarantined items with Command Prompt, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to open the antivirus tool location and press Enter:

    cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

  4. Type the following command to view quarantined items and press Enter:

    MpCmdRun -Restore -ListAll

    Microsoft Defender restore commandSource: Windows Central

  5. Type the following command to restore all quarantined item and press Enter:

    MpCmdRun -Restore -All

  6. Type the following command to restore a specific quarantined item and press Enter:

    MpCmdRun -Restore -Name ITEM-NAME

    In the command, replace the "ITEM-NAME" for the name of the quarantined item you want to restore.

  7. Type the following command to restore a specific quarantined item to a specific path and press Enter:

    MpCmdRun -Restore -Name ITEM-NAME -FilePath PATH\TO\RESTORED

    In the command, make sure to specify the path to restore the item.

    For example, this command restores a specific item to the Documents folder:

    MpCmdRun -Restore -Name app.exe -FilePath C:\Users\username\Downloads

Once you complete the steps, the items will be restored in the original or alternate location, depending on the command.

This guide focuses on the more important commands you can use with Command Prompt, but the tool includes additional options, which you can view running the MpCmdRun command.

While you can manage a number of functions through Command Prompt, the tool is quite limited. For example, you cannot start an offline scan or change preferences. If you want to manage settings and control virtually every aspect of Microsoft Defender Antivirus with commands, you should be using the PowerShell modules instead.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources: