Microsoft Defender Antivirus (formerly Windows Defender) provides 24-hour protection against all kinds of threats on Windows devices. Despite being a standalone security tool, it is powered by several microprocesses behind the scenes.
These microprocesses contribute to the proper functioning of Microsoft Defender Antivirus. MsMpEng.exe and MpCmdRun.exe are good examples of important core processes that power Microsoft Defender.
In this tutorial, we’ll discuss what MpCmdRun.exe does on your Windows computer, how you can use it to manage Microsoft Defender, and what to do if the process isn’t working properly.
What is MpCmdRun.exe?
MpCmdRun is the Malware Protection Command Line Utility. MpCmdRun.exe, developed by Microsoft and built into all Windows devices, is an executable file that forms part of the Windows defense system. It is an important command-line tool for automating Microsoft Defender Antivirus operations on Windows devices.
The core function of the tool is to protect your computer from malware attacks and other threats. Interestingly, you can also use MpCmdRun.exe to manage, configure, and operate the Microsoft Defender Antivirus software itself. More on this in the next section.
Accessing and Using mpcmdrun.exe in Windows 10
MpCmdRun.exe does not have a graphical user interface (GUI). It is structured to be run via the Windows Command Prompt. Right-click the Start menu icon and select Command Prompt (Admin) in the Quick access menu.
After that, paste the command below into the Command Prompt console and press Enter to continue.
That command shows all available options and operations for the Malware Protection Command Line Utility. Review the options and identify the operation you want to perform. To run a task with MpCmdRun.exe from the command prompt, type or paste "%ProgramFiles%\Windows Defender\MpCmdRun.exe" in the console (keep the straight double quotes, because the path contains a space), leave a space, enter the command of the operation and press Enter.
For example, to run a full system scan, type or paste "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2 in the command prompt console and press Enter on your keyboard.
That will activate the Microsoft Defender Antivirus to scan your entire computer for malware, viruses and other forms of threats. When the scan is complete, you will receive a Windows security notification in the notification area or Windows Action Center.
Microsoft Defender automatically neutralizes and takes action against any detected threat. Click on the notification to get a detailed report of the malicious program or threat.
Read this official Microsoft documentation for more commands you can run with the MpCmdRun.exe command-line tool.
Is mpcmdrun.exe safe?
You need the Malware Protection Command Line Utility on your computer. The executable file that drives the utility (i.e., MpCmdRun.exe) is a safe operating system file that works on all Windows devices. However, despite the legitimacy of this file, there are several reports indicating that the MpCmdRun.exe file can be used by cyber attackers to download files to your PC over the Internet.
Fortunately, there are several ways to determine the legitimacy of the MpCmdRun.exe executable on your computer. We highlight some of them below.
1. Check the location of the file
You can find MpCmdRun.exe in the Windows Defender folder on a Windows computer. Start File Explorer, go to Local Disk (C:) > Program Files > Windows Defender, and locate MpCmdRun.exe.
You can also paste C:\Program Files\Windows Defender in the address bar of File Explorer and press Enter.
2. Check the digital signature
Microsoft is the creator and developer of the Malware Protection Command Line Utility. If MpCmdRun.exe is running from a different folder (other than C:\Program Files\Windows Defender), you need to verify the digital signature of the file. That will help you confirm whether the MpCmdRun.exe on your PC is malicious, or if it was accidentally moved to another folder.
Right-click MpCmdRun.exe in Task Manager or File Explorer and select Properties.
Go to the Digital Signatures tab and check the “Signer’s name” column.
If the file is not signed by Microsoft Corporation, it is definitely a virus that hides under the guise of a legitimate system file. In that case, delete the file from your computer or scan it with your antivirus software or online security scanners.
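The two checks above (file location and digital signature) can be run in one pass from an elevated PowerShell prompt. This is an added example, not part of the original tutorial: the Test-MpCmdRunFile function name is hypothetical, and treating %ProgramData%\Microsoft\Windows Defender\Platform as a second legitimate location (where Defender platform updates place versioned copies) is an assumption the article does not state.

```powershell
# Added example (not from the original article): check the location and the
# signature of every MpCmdRun.exe that is running or present in Defender folders.

# Expected install locations. The Platform folder is an assumption added here:
# Defender platform updates install versioned copies of the tool below it.
$expectedDirs = @(
    (Join-Path $env:ProgramFiles 'Windows Defender'),
    (Join-Path $env:ProgramData  'Microsoft\Windows Defender\Platform')
)

function Test-MpCmdRunFile {
    param([Parameter(Mandatory)][string]$Path)

    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $dir     = Split-Path -Path $Path -Parent

    # True when the file sits in, or below, one of the expected folders.
    $inExpected = [bool]($expectedDirs | Where-Object {
        $dir -eq $_ -or $dir.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
    })
    # Valid signature AND the signing certificate was issued to Microsoft Corporation.
    $msSigned = ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path             = $Path
        ExpectedLocation = $inExpected
        SignatureStatus  = $sig.Status
        Signer           = $subject
        MicrosoftSigned  = $msSigned
        NeedsReview      = (-not $inExpected -or -not $msSigned)
    }
}

# Candidates: images of running MpCmdRun processes plus the copies on disk.
$running = Get-Process -Name MpCmdRun -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } | ForEach-Object { $_.Path }
$onDisk  = Get-ChildItem -Path $expectedDirs -Filter MpCmdRun.exe -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }

# De-duplicate, test each file, and list the entries that need review first.
@($running) + @($onDisk) | Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Test-MpCmdRunFile -Path $_ } |
    Sort-Object NeedsReview -Descending | Format-List
```

An entry with NeedsReview set to True is either running from outside the Defender folders or lacks a valid Microsoft signature, which are the two conditions the steps above tell you to look for.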
Your computer may not be able to run the Malware Protection Command Line Utility if the MpCmdRun.exe file is malicious or if it was accidentally moved from the Windows Defender folder. Windows may also display various error messages if there is a problem with the executable file or if your PC is outdated.
Here are some possible solutions to issues that prevent the MpCmdRun.exe command-line tool from functioning properly.
1. Restart your computer
If MpCmdRun.exe consumes an insane amount of CPU and Internet bandwidth in the background, we recommend shutting down your computer. That should refresh your device and hopefully fix issues that prevent the tool from working properly.
2. Scan for a virus or malware infection
The MpCmdRun.exe file may be a virus, even if it is located in the correct folder on your PC. Run the file through a third-party antivirus app or online virus scanners. Delete the file from your PC if your security tool marks the file as dangerous or malicious.
3. Run Command Prompt as Administrator
The Malware Protection Command Line Utility may not be able to perform certain operations if the Command Prompt does not have sufficient privileges. When you need to use the command-line tool MpCmdRun.exe, make sure to launch the administrator-level version of the Command Prompt.
4. Update your computer
If you get a “0x80070667” error code when you run an MpCmdRun.exe command, it’s because your PC is running an old Windows 10 version. For the best experience, make sure you have Windows 10 version 1703 (or later) installed on your PC.
Go to Settings > Update & Security > Windows Update to check for available updates.
Security Intelligence updates for Microsoft Defender Antivirus are also installed alongside Windows Updates, so your PC is protected against the latest threats.
5. Run the System File Checker (SFC) utility
SFC is a command-line tool that repairs and replaces corrupted system files on Windows devices. If you deleted MpCmdRun.exe from your PC, perhaps accidentally or due to a malware infection, run the System File Checker to restore the file. Connect your computer to the Internet, launch Command Prompt as an administrator, enter the command below in the terminal and press Enter.
DISM.exe /Online /Cleanup-image /Restorehealth
When you get a success message, type or paste sfc /scannow in the terminal and press Enter.
The process can take up to 30 minutes (or longer). Restart your computer when the repair process is complete and check whether that restores the MpCmdRun file and resolves other issues.
If nothing else works, consider performing a system restore or reinstalling Windows on your computer.