The Microsoft Defender Antivirus (formerly Windows Defender) offers round-the-clock protection against all kinds of threats on Windows devices. Despite being a standalone security tool, it is powered by several micro-processes behind the scenes.

These micro-processes contribute to the proper functioning of the Microsoft Defender Antivirus. MsMpEng.exe and MpCmdRun.exe are good examples of important core processes powering Microsoft Defender.

In this explainer, we’ll cover what MpCmdRun.exe does on your Windows computer, how you can use it to manage the Microsoft Defender, and what to do when the process malfunctions. 

What Is MpCmdRun.exe?

MpCmdRun is the Malware Protection Command Line Utility. Developed by Microsoft and built-in all Windows devices, MpCmdRun.exe is an executable file that makes up the Windows defense system. It’s an important command-line tool dedicated to automating Microsoft Defender Antivirus operations on Windows devices.

The utility’s core function is to protect your computer against malware attacks and other threats. Interestingly, you can also use mpcmdru.exe to manage, configure, and operate the Microsoft Defender Antivirus software itself. More on this in the next section.

How to Access and Use mpcmdrun.exe in Windows 10

MpCmdRun.exe doesn’t have a graphical user interface (GUI). It’s structured to run via the Windows Command Prompt. Right-click the Start menu icon and select Command Prompt (Admin) on the Quick Access menu.

Afterward, paste the command below in the Command Prompt console and press Enter to proceed.

“%ProgramFiles%\Windows Defender\MpCmdRun.exe”

That command will display all available options and operations for the Malware Protection Command Line Utility. Look through the options and identify the operation you’d like to execute. To execute a task using mpcmdrun.exe from the Command Prompt, type/paste “%ProgramFiles%\Windows Defender\MpCmdRun.exe” in the console, leave a space, enter the operation’s command, and press Enter.

To run a full system scan, for example, type or paste “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -Scan -ScanType 2 in the Command Prompt console and press Enter on your keyboard.

That’ll trigger the Microsoft Defender Antivirus to scan your entire computer for malware, viruses, and other forms of threats. When the scan is complete, you’ll get a Windows Security notification in the notification area or Windows Action Center.

Microsoft Defender will automatically neutralize and take action against any threat it detects. Click the notification to get a detailed report of the malicious program or threat.

Read this official Microsoft documentation to learn more commands that you can execute with the MpCmdRun.exe command-line tool.

Is mpcmdrun.exe Safe?

You need the Malware Protection Command Line Utility on your computer. The executable file powering the utility (i.e. mpcmdrun.exe) is a safe operating system file that works on all Windows devices. Despite the legitimacy of this file, however, there are several reports indicating that the mpcmdrun.exe file can be used by cyber attackers to download files to your PC via the internet.

Luckily, there are several ways to determine the legitimacy of the MpCmdRun.exe executable file on your computer. We highlight some of them below.

1. Check the File’s Location

You’ll find MpCmdRun.exe located in the Windows Defender folder on a Windows computer. Launch the File Explorer, go to Local Disk (C:) > Program Files > Windows Defender, and locate MpCmdRun.exe.

Alternatively, paste C:\Program Files\Windows Defender in the File Explorer’s address bar and press Enter.

2. Check the Digital Signature

Microsoft is the creator and developer of the Malware Protection Command Line Utility. If you MpCmdRun.exe in another directory (other than C:\Program Files\Windows Defender), you should verify the file’s digital signature. That’ll help you confirm whether or not the MpCmdRun.exe on your PC is malicious, or perhaps it was moved to another folder by accident.

Right-click MpCmdRun.exe in the Task Manager or File Explorer and select Properties.

Head to the Digital Signature tab and check the “Name of signer” column.

If the file isn’t signed by Microsoft Corporation, it’s most definitely a virus hiding under the guise of a legitimate system file. In that case, delete the file from your computer or scan it with your antivirus software or online security scanners

Fix MpCmdRun.exe Issues

Your computer may fail to run the Malware Protection Command Line Utility if the MpCmdRun.exe file is malicious. Or, if it gets moved from the Windows Defender folder by accident. Windows may also throw off several error messages if there’s a problem with the executable file or if your PC is out-of-date.

Here are some potential solutions to issues preventing the MpCmdRun.exe command-line utility from functioning correctly.

1. Restart Your Computer

If MpCmdRun.exe is consuming an insane amount of CPU and internet bandwidth in the background, we recommend power-cycling your computer. That should refresh your device and hopefully fix issues causing the tool to malfunction.

2. Scan for Virus or Malware Infection

The MpCmdRun.exe file could be a virus, even if it’s in the appropriate directory on your PC. Run the file through a third-party antivirus app or online virus scanners. Delete the file from your PC if your security tool flags the file as dangerous or malicious.

3. Run Command Prompt as Administrator

The Malware Protection Command Line Utility may fail to execute certain operations if the Command Prompt doesn’t have enough privileges. Whenever you need to use the MpCmdRun.exe common-line tool, make sure you launch the administrator-level version of the Command Prompt.

[02-launch-device-manager-windows-10]

4. Update Your Computer

If you get a “0x80070667” error code when you run a MpCmdRun.exe command, that’s because your PC is running an old Windows 10 version. For the best experience, ensure you have Windows 10 version 1703 (or higher) installed on your PC. 

Go to Settings > Update & Security > Windows Update to check for available updates.

Security Intelligence updates for the Microsoft Defender Antivirus are also installed alongside Windows Updates, ensuring your PC is protected against the latest threats.

5. Run the System File Checker (SFC) Utility

SFC is a command-line tool that fixes and replaces corrupted system files on Windows devices. If you removed MpCmdRun.exe from your PC, perhaps by accident or due to malware infection, use the System File Checker to restore the file. Connect your computer to the internet, launch Command Prompt as an administrator, enter the command below in the terminal, and press Enter.

DISM.exe /Online /Cleanup-image /Restorehealth

When you get a success message, type or paste sfc /scannow in the terminal and press Enter.

The process may last up to 30 minutes (or more). Restart your computer when the repair process is complete and check if that restores the MpCmdRun file and resolves other issues.

If nothing else works, you should consider performing a System restore or reinstalling Windows on your computer.