C program files windows defender mpcmdrun exe

Most users know that Windows Defender scans can be automated by using the console tool MpCmdRun.exe with Task Scheduler. But, did you know you can run a scheduled scan interactively (in GUI mode), that is without using Windows Defender’s console utility? This post lists some command-line switches to do that.

---

Update: MSASCui.exe has been removed by Microsoft as of Windows 10 version 1809. The Windows Defender command-line tool MpCmdRun.exe exists, though.

---

The Windows Defender executable MSASCui.exe supports the following switches, which you can set to run using Scheduler or by creating desktop shortcuts.

MSASCui.exe (GUI) Supported Switches

Update definitions and then run a Quick Scan

"C:\Program Files\Windows Defender\MSASCui.exe" -UpdateAndQuickScan

Run a Quick Scan

"C:\Program Files\Windows Defender\MSASCui.exe" -QuickScan

Run a Full Scan

"C:\Program Files\Windows Defender\MSASCui.exe" -FullScan

Update the Definitions

"C:\Program Files\Windows Defender\MSASCui.exe" -Update

All you need to do is create a task using Task Scheduler with the appropriate switch as above.

Run it hidden

If you want to run any of the above tasks minimized (in the notification area), add the “-hide” switch in addition.

For example, the following command starts a Quick Scan, but without the Windows Defender program showing up on the screen. You can see the scan status or indicator in the Notification area.

"C:\Program Files\Windows Defender\MSASCui.exe" -QuickScan -hide

Using MpCmdRun.exe Command-Line Utility

Windows Defender console tool MpCmdRun’s basic command-line switches are given below:

Update definitions and then run a Quick Scan

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdateAndQuickScan

The above one is again unofficial, and undocumented, which I blogged about earlier. Refer Using MpCmdRun.exe to Update Windows Defender and Run a Quick Scan in One Go.

Run a Quick Scan

"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Run a Full Scan

"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

Update the Definitions

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate

MpCmdRun.exe supports many additional switches (obviously) than its GUI counterpart. To see the complete list, open a Command Prompt window and type:

"C:\Program Files\Windows Defender\MpCmdRun.exe"

MpCmdRun.exe is a Microsoft protection command-line utility. It is one of the most important utilities of the Windows Defender. At times it can be detected as a virus as there are claims that hackers can use it to steal information from your computer.

Most viruses use the same name for it not to be noticed but worry not as there are ways you can check if the mcpmdrun.exe you have in your computer is the legit one. We will give the steps to follow to find out if it is the right executable file and not some malware that could harm your computer. The main purpose of this program is to protect your computer from threats but not to harm it.t automates Microsoft Defender antivirus operations.

Checking MpCmdRun.exe legitimacy

There are two ways you can do this;

1. Checking its file location.
2. Checking its signature.

Checking its file location

Every program in a computer is installed somewhere on the disk and has its information on the disk somewhere, depending on the choices you made when installing it. The mcpmdrun.exe program is installed automatically when you install your Operating system, which means you don’t get to choose where to install it. Therefore, this program has to be at the same location on every computer, and if you find that it is not so, please scan your computer as it could be a virus.

Now, to locate this file, open your File Explorer, (Windows + E) locate ‘Local Disk (C:) > Program Files > Windows Defender’ or type/paste ‘C:\Program Files\Windows Defender’ in the File Explorer’s address, then hit ‘Enter.’ You should be able to see ‘mcpmdrun.exe’ on the list. Remember, the location has to be exactly here. Any other location should be of concern to you.

Checking its signature

Let’s say that you find your ‘MpCmdRun.exe’ location like I said you should be concerned about. Therefore you need to check its signature to be able to confirm that it is a legit one. This is a straightforward step, so head on back to the location on File explorer that you have, right-click on ‘MpCmdRun.exe’, and click on ‘properties.’

When the next window opens, click on ‘digital signatures’ and check if Microsoft cooperation is mentioned.

If it is so, you can rest peacefully, it is a legit one, and your computer is well protected minus second party software. If not, scan your computer immediately and delete the file.

How to use mpcmdrun.exe

We have looked at what ‘MpCmdRun.exe’ is and how to check if it is a genuine one. Now we will see some of the ways you can actually use it to execute some of the functionalities of Windows Defender without opening its interface. Since it does not have a graphical user interface, You can only run it through the command prompt. To access it, right-click on the start menu>select command prompt(Admin).

You can also, Click on ‘start’ and search ‘command prompt’ right-click on it and select ‘Run as administrator.’

The first command I will show you will display for all the operations you can actually do with your ‘command prompt.’ So in your command prompt, type or paste “%ProgramFiles%\Windows Defender\MpCmdRun.exe,” including the double quotes, and hit ‘Enter.’

The screenshot below shows a sample of the operations that one can perform.

Let’s go ahead and execute some common commands.

Full malware scan

When you want to run a command on the command prompt, type or paste “%ProgramFiles%\Windows Defender\MpCmdRun.exe” in the console, leave a space, enter the operation’s command then hit Enter. Do not forget the quotes. So to run a full malware scan, use the following command;  “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -Scan -ScanType 2′ then press Enter.

By typing this command, Windows Defender antivirus triggers and scans your computer for malware, viruses, or any form of threats. If there are any threats, viruses, or malware detected during the scan, Windows Defender automatically neutralizes it. It is just as if you opened the Windows Defender and started a ‘Full Scan’. You will receive a notification when the scan is complete, just like you would if you used the Windows Defender interface. When you click on the notification, you will also get a full report of the scan and the actions taken by your Windows Defender.

Finally, let’s take a look at some of the methods you could use if your MpCmdRun.exe process is not functioning properly. They include;

1. Restarting the computer.
2. Scan for malware and viruses.
3. Update your Windows.
4. Run SFC utility.
5. System Restore.

Methods to Fix MpCmdRun.exe Issues

Restarting the computer

As simple as it sounds, this method has been able to solve countless problems that arise in computing. You will be amazed at how quickly it could solve your issue without a hustle. Restarting your computer closes every process that was running and restarts them. It is like a refresh to your programs and will probably solve any issues, including too much CPU usage.

Scan for malware and viruses

Sometimes viruses and malware running in your computer could actually ‘eat’ most of your CPU, and by ‘eat’, I mean consume most of it and leave you with just a fraction that would not be enough to run your programs. So do a full scan if possible, and you might find that it is a virus or malware that is causing the low-performance issues on your computer. Fortunately for you, we have given you one way to do the scan by using the command prompt. The other one will be using the Windows Defender interface.

• Click ‘start’ and type ‘Windows security in the search box.

• Click on ‘Windows security or press Enter.
• On the next window, click on ‘Virus & threat protection’ on the top left side of the window.

Then click on ‘Scan options’.

• Check on ‘Full scan’ on the open options and then scroll down and click on ‘scan now’ to start the scan process.

  

  Selecting-full-scan

• Wait for the scan to complete and see if there are threats and if the Defender has solved the issue.

You will get the same notification that the command prompt scan brings.

Update your Windows

Updating Windows is also an easier method to solve some of the issues with ‘MpCmdRun.exe.’ To do an update on Windows, please follow the step-by-step procedure here: Update Windows

Run SFC utility

SFC utility (System File Checker) is a command-line tool used to restore broken system files. For instance, MpCmdRun.exe was accidentally deleted or tampered, this is the tool to use to restore it. Here are the steps to run the SFC utility:

• Open the command prompt with administrator privileges, as discussed at the beginning of the blog. Ensure you also have an internet connection as this process requires downloading the files directly from the internet if they are missing or corrupted. You can solve issues with unidentified network issues, as shown here. How to Fix Unidentified Network Issue in Windows 10
• In the command prompt console, type ‘DISM.exe /Online /Cleanup-image /Restorehealth’ and hit Enter.

• Wait for a success message. This process will take some time, so do not be impatient when you do not see anything happening.
• When the process finishes, again in the command prompt terminal, type or paste ‘sfc /scannow’ and press Enter. This process will also take some time, so again be patient until it finishes.

• Restart your computer and check if it has restored your MpCmdRun.exe and other problems that if any.

System Restore

This is the last method we will talk about, and if it too does not work for you, I recommend reinstalling Windows again on your computer, or you can also just reset the operating system. To restore your system to a previous state, you must have created a restore point earlier; otherwise, use the recommended methods above.

To restore to a previous point:

• Click start and search ‘recovery.’ Press Enter or click on ‘Recovery.’

• In the new window, click on ‘Open system restore.’
• Then in the window that follows, check on  ‘recommended restore’ and click on ‘Next.’

• Finally, in the next window, check and see if the location you chose to store your restore files when you created a restore point is the same as the one in the box. Then click ‘Finish.’ Wait for the process to complete and check if the issues are solved.

Conclusion

The MpCmdRun.exe program stands for malware protection command-line utility. It is a core process in Windows Defender, and therefore it’s recommended for you to make sure it is functioning properly and genuine. The process can do scans at all levels from the full scan, simple scan, file scan, etc. You need to specify the type of scan you want it to perform in the command line. There are many ways to solve the issues, some straightforward and others a bit complex, but they are easy to do. In this tutorial, we have tried to cover MpCmdRun.exe, how to use it, how to determine if it’s safe, and lastly, how to fix any issues arising from it.

Windows 10 has come up with some really impressive features in the Creators Update. Users, those have already upgraded to Creators Update are complaining about their speed of the internet. Few of them are experiencing extremely poor internet speed. This happens due to a program or a process called MpCmdRun.exe. The issue occurs when this process takes over the control of the entire data connection.

If you are also facing internet speed issues, then detect the root of the error by Task Manager or opening Network tab of Resource Monitor in Windows 10. Investigation reveals that MpCmdRun.exe reaches out to the maximum upload bandwidth. This process is taking over the complete internet connectivity to only upload data from your PC to somewhere which actually not only an annoying issue but also a hindrance to the privacy.

Here, you may like to know How to Limit Windows Update Bandwidth in Windows 10.

What is MpCmdRun.exe?

MpCmdRun.exe is a type of process linked with Windows Defender. This is the reason why data upload is associated with this case. Apart from this, sometimes malicious programs, as well as invaders, can also come up in the name of MpCmdRun.exe as a disguise so that they can carry on their harmful act silently as licit action. If you find that the process is hogging the internet connection using upload data only, you can be confirmed that the program is associated with the Windows Defender. Or else, the problem has a connection with the malicious invader.

The legal MpCmdRun.exe process is only located in X:\Program Files\Windows Defender in the form of a file, where X is the drive letter similar to the hard disk pattern of your computer where the Windows are installed. If the process is a malicious element disguising itself then you will find it in any other directory.

Detect the Location of the Process

So the first thing is, you need to sort out which process is responsible for your slower internet connection. You can only detect by finding out the location of the process. Follow the given sequence of steps to find out the location.

Step 1 – Use Windows logo+X keys combination to unfold WinX menu. Out of various options, select Task Manager.

In addition, explore more ways to Open Task Manager in Windows 10.

Step 2 – Now, make sure you are into Processes tab.

Step 3 – Here, you can see a list of processes. Scroll down to find MpCmdRun.exe and hit a right-click on it.

Step 4 – From the context menu select the option namely Open file location.

Once you find out the location of the process, you can now identify the risk of the threat. Based on the directory you see it, the risk proximity is:

• If you find the file location of MpCmdRun.exe in the drive C:\Windows folder, it seems that the rating of the security issue is about 58% dangerous. The file size can be approximately 230,912 bytes. The file must be an unknown file present in the folder of Windows. It will have no visible window like all other normal files. There are chances that this software always run at Windows startup with a Registry key: “MACHINE\RunOnce”. This is not at all a windows file otherwise it might appear as a file.
• If you find the file location in somewhere else like a subfolder of “C:\Windows“, then the safety rating can be around 16% dangerous. The size of the file will be approximately 157,184 bytes. This file is a trusted file of Windows but the program is not a visible one. This is because MpCmdRun.exe is not a core file of the OS.

Solutions to Fix MpCmdRun.exe

The above-mentioned steps will help you to detect the location of the process and eventually, you can detect if it is a Windows Defender problem or a malicious invader depending on the location of the file.

If you find that the problem is a malicious invader, you need to use antivirus or anti-malware solutions. An anti-intruder program can also be a part of your fix. In that case, follow the steps:

Step 1 – Run the Antivirus Software you prefer. Then scan the drive on which the malware is present.

This is how you can get rid of the problem MpCmdRun.exe and eventually gets a faster internet speed again.

Conclusion

So, it is very important for you to detect the location of the problematic process in Windows 10 which can actually tell you what the issue is. All you need to get rid of this issue is to run your preferrable antivirus solution. If you are aware of any other fix of this process, do write them to us.

Repair any Windows problems such as Blue/Black Screen, DLL, Exe, application, Regisrty error and quickly recover system from issues using Reimage.