How to manage Microsoft Defender Antivirus from Command Prompt on Windows 11
You can control the Windows 11 default antivirus from Command Prompt, and here's how.
Microsoft Defender Antivirus is the default anti-malware solution that protects your Windows 11 installation and files from unwanted viruses, ransomware, spyware, and many other types of malware and malicious attacks.
Usually, you would use the Windows Security app to manage the antivirus, such as scanning, updates, and quarantined items. However, it's also possible to control Microsoft Defender Antivirus with commands from Command Prompt. This is useful, for example, when you have to use a script to automate specific tasks, when you are in charge of managing multiple computers and need a quicker way to run specific tasks, or when you want to schedule an update and scan at a particular time.
This guide will walk you through the steps to manage the Microsoft Defender Antivirus on Windows 11 from Command Prompt.
How to update antivirus definition on Microsoft Defender
To download and install the latest definitions for the Microsoft Defender Antivirus on Windows 11, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to check and update Microsoft Defender Antivirus and press Enter: MpCmdRun -SignatureUpdate
Once you complete the steps, the antivirus will automatically check and download any available updates.
Rollback definitions updates
To uninstall recently installed definition updates, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to remove recent definitions and press Enter: MpCmdRun -RemoveDefinitions -All
The "-All" option restores the previous definitions from the backup or original default set of signatures.
- Type the following command to roll back the engine version and press Enter: MpCmdRun -RemoveDefinitions -Engine
The "-Engine" option rolls back to the previous version of the antivirus engine.
- Type the following command to remove dynamic signature updates and press Enter: MpCmdRun -RemoveDefinitions -DynamicSignatures
The "-DynamicSignatures" option uninstalls only the dynamic signatures.
After you complete the steps, the recent definition updates will be uninstalled from the device.
How to do quick antivirus scan on Microsoft Defender
To run a quick antivirus scan from Command Prompt on Windows 11, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to perform a quick antivirus scan and press Enter: MpCmdRun -Scan -ScanType 1
- Quick tip: You can also replace "1" with the "0" option to start a default scan.
Once you complete the steps, the Microsoft Defender Antivirus will perform a quick scan of the locations where malware is more likely to hide.
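The definition update and quick scan steps above, combined into one batch file for the scripted and scheduled use mentioned in the introduction. This is an added example, not part of the original guide; it assumes an elevated prompt, and picking the 4.18* folder by name order and the exit code 3 for a missing tool are this example's own conventions.

```batch
@echo off
setlocal EnableExtensions
rem Added example (not from the original guide): update definitions, then quick scan.
rem Run from an elevated Command Prompt or a scheduled task with admin rights.

set "MPCMD="
set "PLATFORM=%ProgramData%\Microsoft\Windows Defender\Platform"

rem "cd ...\4.18*" lands in whichever matching folder cmd finds first. List the
rem folders highest-name-first instead and take the first one holding MpCmdRun.exe.
rem Assumption: sorting by name is a good enough stand-in for version order.
for /f "delims=" %%D in ('dir /b /ad /o-n "%PLATFORM%\4.18*" 2^>nul') do (
    if not defined MPCMD if exist "%PLATFORM%\%%D\MpCmdRun.exe" set "MPCMD=%PLATFORM%\%%D\MpCmdRun.exe"
)

rem Fall back to the in-box copy when no Platform folder exists.
if not defined MPCMD if exist "%ProgramFiles%\Windows Defender\MpCmdRun.exe" set "MPCMD=%ProgramFiles%\Windows Defender\MpCmdRun.exe"

if not defined MPCMD (
    echo MpCmdRun.exe was not found. 1>&2
    rem Exit code 3 is this script's own convention, not an MpCmdRun code.
    exit /b 3
)

echo Using "%MPCMD%"
"%MPCMD%" -SignatureUpdate
if errorlevel 1 echo Warning: signature update failed, scanning with current definitions. 1>&2

"%MPCMD%" -Scan -ScanType 1
set "RC=%errorlevel%"

rem Documented -Scan return codes: 0 = nothing found or fully remediated,
rem 2 = malware not remediated, user action needed, or a scan error.
if "%RC%"=="0" echo Quick scan finished with nothing left to remediate.
if "%RC%"=="2" echo Quick scan needs attention: see Protection history. 1>&2
exit /b %RC%
```

Because the script exits with the scan's own return code, a scheduled task or management tool that runs it can alert on any non-zero result.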
How to do full antivirus scan on Microsoft Defender
To run a full antivirus scan on Windows 11, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to perform a full antivirus scan and press Enter: MpCmdRun -Scan -ScanType 2
After you complete the steps, the antivirus will scan all the locations for malware. If you have a lot of files, this option could take a long time.
How to do custom antivirus scan on Microsoft Defender
To run an antivirus scan only on specific locations from Command Prompt, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to perform a custom antivirus scan and press Enter: MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES
In the command, update the path to the folder to scan. For example, this command scans the "Documents" folder: MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Documents
- (Optional) Type the following command to perform a custom scan with timeout time and press Enter: MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES -Timeout 1
In the command, remember to update the path with the folder to scan. For example, this command scans the "Documents" folder and sets the timeout to one day: MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Documents -Timeout 1
- Quick note: You can change the timeout number to specify another number of days. The option is also available for quick and full scan commands.
Once you complete the steps, Microsoft Defender Antivirus will only scan the specified location.
How to do boot sector malware scan on Microsoft Defender
As part of the Windows 11 installation, the boot sector includes essential instructions to process the startup sequence. If a specially crafted virus accesses the boot sector, it can cause problems that are difficult to fix. However, Microsoft Defender Antivirus can also remove malware from the boot sector with a simple command.
To run a virus scan in the boot sector of Windows 11, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to perform a boot sector scan and press Enter: MpCmdRun -Scan -ScanType -BootSectorScan
After you complete the steps, the default antivirus will look for any malicious code inside the boot sector.
How to restore quarantined item on Microsoft Defender
Microsoft Defender Antivirus may sometimes detect files as malicious when they are known and harmless. When this happens, you can use a command to review the quarantined files and another command to restore those files that are not a threat.
To check and restore quarantined items from Microsoft Defender Antivirus, use these steps:
- Open Start.
- Search for Command Prompt, right-click the top result, and select the Run as administrator option.
- Type the following command to open the antivirus tool location and press Enter: cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
- Type the following command to view quarantined items and press Enter: MpCmdRun -Restore -ListAll
- Type the following command to restore the quarantined items and press Enter: MpCmdRun -Restore -All
- Type the following command to restore a specific quarantined item and press Enter: MpCmdRun -Restore -Name ITEM-NAME
In the command, replace the "ITEM-NAME" with the name of the item to restore.
- Type the following command to restore a quarantined item to a specific path and press Enter: MpCmdRun -Restore -Name ITEM-NAME -FilePath PATH\TO\RESTORED
In the command, specify the path to restore the item. For example, this command restores a specific item to the "Documents" folder: MpCmdRun -Restore -Name app.exe -FilePath C:\Users\username\Documents
Once you complete the steps, the file will be restored automatically to its original location.
This guide outlines some essential commands to manage the Microsoft Defender Antivirus with Command Prompt. However, the command-line tool offers many other options, which you can view using the "MpCmdRun" command.
Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 15 years of experience writing comprehensive guides. He also has an IT background and has achieved different professional certifications from Microsoft, Cisco, VMware, and CompTIA. He has been recognized as a Microsoft MVP for many years.