How to Use Windows Defender from the Command Prompt

Use Windows Defender Command Prompt Featured

Windows Defender, no known as Windows Security, is the default antivirus software in Windows 10 and Windows 11, and is no less capable than any third-party antivirus software. In fact, when it comes to system resource usage, Windows Defender is one of the best. Though the Windows Defender GUI is pretty easy to use, you can also use the Windows Defender via command prompt. This is especially useful when you are creating your own scripts or scheduled tasks.

The Windows Defender command line lets you do all the basic things like performing different types of scans, listing and restoring quarantined files, adding dynamic signatures and removing or updating the virus definitions. This article will show you how to use Windows Defender from the command prompt.

Use Windows Defender from Command Prompt

To run Windows Defender via Command Prompt, you need to have administrative privileges, so search for Command Prompt in the Start menu and select the “Run as Administrator” option. You can also right-click and select “Run as Administrator.”

Windows Defender Command Line 01 Open Cmd As Admin

If you’ve ever used Windows Defender GUI, you will know that it has three scan types. Below are some quick explanations of what those different scan types mean.

Quick Scan: As the name suggests, Quick Scan is fast and only looks in the most common places like registry keys and start-up folders where the malware or virus could have an affect. Typically, Quick Scan is completed in minutes. In the command line Quick Scan is denoted by -ScanType 1.

Full Scan: Full scan performs an in-depth scan on your entire system. Depending on how many files you have in your system, the scan can take hours to complete. In the command line Full Scan is denoted by -ScanType 2.

Custom Scan: Custom scan lets you perform an in-depth scan on a specific drive, folder, or file. In the command line, Custom Scan is denoted by -ScanType 3 and has additional switches to tell what file or folder to scan.

If you want to perform a quick scan, you can use the below command.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1
Windows Defender Command Line 02 Quick Scan

For a full scan, simply replace 1 in the above command with 2.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2
Windows Defender Command Line 03 Full Scan

To perform a quick scan, use the below command while replacing “D:\Folder\Path” with the actual folder or file path you want to scan.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "D:\Folder\Path"
Windows Defender Command Line 04 Custom Scan

Windows Defender also has another scan type that scans the system boot sector for any infections. A boot sector virus infects the Master Boot Record which in turn infects the entire system when you boot up the system. To perform a boot sector scan, use the below command.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType -BootSectorScan

To cancel the scan, simply press the keyboard shortcut Ctrl + C.

Windows Defender Command Line 05 Boot Sector Scan

When Windows Defender finds a threat, it moves it to the Quarantine so that it doesn’t infect your system. However, false positives can happen, and if you think Windows Defender moved a legitimate file to Quarantine, you can restore it quite easily. First, use the below command to list all the Quarantined Files.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -ListAll

From the list, identify the file and note its name. Next, execute the below command while replacing “FileName” with the actual file name you want to restore. If the command is executed successfully, the file restores to its original location.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name "FileName"

In general, Windows Defender automatically updates itself with latest antivirus definitions. However, if you want to make sure Windows Defender is up to date, execute the below command.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate
Windows Defender Command Line 06 Update Windows Defender

Remove and Restore Security Updates

If you’re testing apps or doing a bit of scripting, then you may want to see how Windows interacts with the latest security updates as well as those from the previous Windows update. Using the command prompt, you can remove (and then restore security definitions.

Note: We strongly recommend you restore the definitions to the latest ones after removing them so your PC stays protected against the latest threats.

With that in mind, here’s how to roll back your virus definitions:

To restore definitions to the default ones or those stored in the last backup copy (automatically created by Windows when updating to the latest ones), enter this command:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All

You can also remove only the dynamically downloaded security signatures using this command:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures
Use Windows Defender Command Prompt Removedefinitions

Once you’re done dallying around removing security definitions, it’s time to restore them with this command:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate
Use Windows Defender Command Prompt Signatureupdate

That is it. As you can see, the Windows Defender command-line options are quite user-friendly and easy to use. For more Windows tips see how to fix the Windows 11 snipping tool, which is known to have some problems. Also, we explains the ins and outs of TrustedInstaller, and whether you really need it.

Robert Zak
Robert Zak

Content Manager at Make Tech Easier. Enjoys Android, Windows, and tinkering with retro console emulation to breaking point.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox