Home » How To » How to Run Windows Defender from Command Line in Windows

How to Perform Windows Defender Command Line Scan

Windows Defender is the built-in antivirus on your PC. Like any antivirus software, you can scan your computer anytime you want using the Windows Security application. While it’s easy to use the GUI (Graphical User Interface), using the Windows virus scan command makes things a lot easier.

For example, you can scan or update your computer with just a single command. If you perform these actions frequently, you can even create desktop shortcuts for various defender scan or update actions.

In this article, I will show you how to update and scan your PC for viruses & malware using the Windows Defender command line approach. Let’s get started.

Note: You need administrator rights to run virus scanner commands.

Windows Defender Virus Scan Commands

Windows Defender has one command to update the virus signatures and four commands to perform various scan types, quick scan, full scan, custom scan, and boot sector scan.

Step 1: Open Command Prompt as Administrator

Open the Start menu and search for Command Prompt. Right-click on the top result and select Run as Administrator. This will open Command Prompt with admin rights.

search for Command Prompt in the Start menu, right-click, and select run as administrator

Step 2: Update Windows Defender Signatures

Before running any type of scan, it is important to ensure Windows Defender’s signatures and definitions are up-to-date. That way, no virus or malware can escape the scan.

To update Windows Defender definitions via the command line, copy and paste the following command in the Command Prompt window and press Enter.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate

This command forces Windows Defender to check and download new signatures, if available. Once done, you will see the “Signature update finished” message.

Windows Defender signature update command

Step 3: Perform a Quick Scan

A quick scan in Windows Defender scans the most important places and files on your PC. This is useful when you want to check for the most common threats or in a hurry.

Just copy the below command and execute it. In general, a quick scan will be completed in a few minutes.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Step 4: Run a Full Scan

A full scan checks your entire PC, every drive, folder, and file. This type of scan is useful when you want to make sure your PC is clean. Since a full scan scans the entire system, depending on your hard drive size and number of files, it takes quite a lot of time to complete. For example, on my computer, it took around 3 hours to complete a full scan.

To run a full scan via command line, run the following command:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

Step 5: Perform Custom Scan

If you want to scan a specific drive or folder thoroughly then you can perform a custom scan. For example, you can directly scan a USB drive instead of the entire system.

To run a custom scan via command line, run the following command while replacing the dummy folder path with a real path.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "C:\FileOrFolderPath"

Step 6: Perform Boot Sector Scan

Sometimes, a virus can target and infect your boot sector. These types of viruses are generally undetectable with normal scanning methods. To deal with this, Windows Defender has a special scan mode called Boot Sector Scan. Here’s the command to run it.

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType -BootSectorScan

Create a Desktop Shortcut to Run Command Line Virus Scan

If you are frequently using commands to run a virus scan on your PC, creating a desktop shortcut might make things a bit easier. This eliminates the need to manually open the Command Prompt and type the command. Here’s how.

First, right-click on the desktop and select New > Shortcut.

right-click on the desktop and select new and then shortcut

In the location field, type the scan command of your choice and click Next. For example, to scan a specific drive or folder, type the custom scan command with the drive/folder path.

add Windows defender custom command to shortcut field

Enter a name in the Name field and click Finish.

name the shortcut and click finish

That’s it. You’ve created a custom shortcut to run a command line virus scan. From now on, whenever you want to scan for viruses, double-click on the desktop shortcut and you are good to go.

Note: The shortcut doesn’t have to be on the desktop to work. You can move to a folder or drive of your choice, if needed.

Windows defender command line shortcut

How to Check Windows Defender Scan Results

After performing a command line virus scan, it will immediately display the scan results in the same command line window. Additionally, you will also see a notification regarding the scan results.

If Windows Defender finds any active threats, it automatically quarantines them. You don’t have to do anything.

To manually check the scan results, open the Start menu, search for Windows Security, and click on the top result. Next, click on the Protection History option.

click on protection history in Windows defender

It will display the recent threats it detected. If no threats are detected in the last scan, this page will be empty with the message No recent actions.

Windows defender protection history empty

What to Do Next

After running a virus scan, if your system is clean, there is nothing you have to do. However, if you are unsure or want a second opinion, download another antivirus software like Malwarebytes, install it, and scan your computer with it to make sure it is clean.

If a virus or malware is detected, Windows Defender or any other antivirus software will automatically quarantine them so that your system is safe and secure.

For particularly stubborn viruses that are hard to remove, you can download and use Microsoft Safety Scanner, a standalone on-demand scanner.

Additionally, enable the ransomware protection in Windows Defender to protect your most important folder and scan your computer regularly. If necessary, you can schedule a Windows Defender scan so that you don’t forget.

Wrapping Up – Keep Your PC Safe from Virus & Malware

As you see, in special circumstances where you want to or need to run Windows Defender via command line, use the commands shown above to get the job done. For those who want to get an in-depth look at all the commands offered by Windows Defender, go to this Microsoft docs page to learn more.

Also, always follow the following best practices:

  • Only download software from trusted sources.
  • Don’t click on links that you don’t know, especially the short links.
  • Don’t open email attachments without scanning them first.
  • Always enable file extensions in File Explorer.
  • Keep your operating system, antivirus, browsers, and all other software up-to-date.
  • Use two-factor authentication wherever possible.

If you have any questions, comment below and I’ll answer.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top