MpCmdRun.exe is a Microsoft protection command-line utility. It is one of the most important utilities of the Windows Defender. At times it can be detected as a virus as there are claims that hackers can use it to steal information from your computer.
Most viruses use the same name for it not to be noticed but worry not as there are ways you can check if the mcpmdrun.exe you have in your computer is the legit one. We will give the steps to follow to find out if it is the right executable file and not some malware that could harm your computer. The main purpose of this program is to protect your computer from threats but not to harm it.t automates Microsoft Defender antivirus operations.
Checking MpCmdRun.exe legitimacy
There are two ways you can do this;
- Checking its file location.
- Checking its signature.
Checking its file location
Every program in a computer is installed somewhere on the disk and has its information on the disk somewhere, depending on the choices you made when installing it. The mcpmdrun.exe program is installed automatically when you install your Operating system, which means you don’t get to choose where to install it. Therefore, this program has to be at the same location on every computer, and if you find that it is not so, please scan your computer as it could be a virus.
Now, to locate this file, open your File Explorer, (Windows + E) locate ‘Local Disk (C:) > Program Files > Windows Defender’ or type/paste ‘C:\Program Files\Windows Defender’ in the File Explorer’s address, then hit ‘Enter.’ You should be able to see ‘mcpmdrun.exe’ on the list. Remember, the location has to be exactly here. Any other location should be of concern to you.
Checking its signature
Let’s say that you find your ‘MpCmdRun.exe’ location like I said you should be concerned about. Therefore you need to check its signature to be able to confirm that it is a legit one. This is a straightforward step, so head on back to the location on File explorer that you have, right-click on ‘MpCmdRun.exe’, and click on ‘properties.’
When the next window opens, click on ‘digital signatures’ and check if Microsoft cooperation is mentioned.
If it is so, you can rest peacefully, it is a legit one, and your computer is well protected minus second party software. If not, scan your computer immediately and delete the file.
How to use mpcmdrun.exe
We have looked at what ‘MpCmdRun.exe’ is and how to check if it is a genuine one. Now we will see some of the ways you can actually use it to execute some of the functionalities of Windows Defender without opening its interface. Since it does not have a graphical user interface, You can only run it through the command prompt. To access it, right-click on the start menu>select command prompt(Admin).
You can also, Click on ‘start’ and search ‘command prompt’ right-click on it and select ‘Run as administrator.’
The first command I will show you will display for all the operations you can actually do with your ‘command prompt.’ So in your command prompt, type or paste “%ProgramFiles%\Windows Defender\MpCmdRun.exe,” including the double quotes, and hit ‘Enter.’
The screenshot below shows a sample of the operations that one can perform.
Let’s go ahead and execute some common commands.
Full malware scan
When you want to run a command on the command prompt, type or paste “%ProgramFiles%\Windows Defender\MpCmdRun.exe” in the console, leave a space, enter the operation’s command then hit Enter. Do not forget the quotes. So to run a full malware scan, use the following command; “%ProgramFiles%\Windows Defender\MpCmdRun.exe” -Scan -ScanType 2′ then press Enter.
By typing this command, Windows Defender antivirus triggers and scans your computer for malware, viruses, or any form of threats. If there are any threats, viruses, or malware detected during the scan, Windows Defender automatically neutralizes it. It is just as if you opened the Windows Defender and started a ‘Full Scan’. You will receive a notification when the scan is complete, just like you would if you used the Windows Defender interface. When you click on the notification, you will also get a full report of the scan and the actions taken by your Windows Defender.
Finally, let’s take a look at some of the methods you could use if your MpCmdRun.exe process is not functioning properly. They include;
- Restarting the computer.
- Scan for malware and viruses.
- Update your Windows.
- Run SFC utility.
- System Restore.
Methods to Fix MpCmdRun.exe Issues
Restarting the computer
As simple as it sounds, this method has been able to solve countless problems that arise in computing. You will be amazed at how quickly it could solve your issue without a hustle. Restarting your computer closes every process that was running and restarts them. It is like a refresh to your programs and will probably solve any issues, including too much CPU usage.
Scan for malware and viruses
Sometimes viruses and malware running in your computer could actually ‘eat’ most of your CPU, and by ‘eat’, I mean consume most of it and leave you with just a fraction that would not be enough to run your programs. So do a full scan if possible, and you might find that it is a virus or malware that is causing the low-performance issues on your computer. Fortunately for you, we have given you one way to do the scan by using the command prompt. The other one will be using the Windows Defender interface.
- Click ‘start’ and type ‘Windows security in the search box.
- Click on ‘Windows security or press Enter.
- On the next window, click on ‘Virus & threat protection’ on the top left side of the window.
Then click on ‘Scan options’.
- Check on ‘Full scan’ on the open options and then scroll down and click on ‘scan now’ to start the scan process.
- Wait for the scan to complete and see if there are threats and if the Defender has solved the issue.
You will get the same notification that the command prompt scan brings.
Update your Windows
Updating Windows is also an easier method to solve some of the issues with ‘MpCmdRun.exe.’ To do an update on Windows, please follow the step-by-step procedure here: Update Windows
Run SFC utility
SFC utility (System File Checker) is a command-line tool used to restore broken system files. For instance, MpCmdRun.exe was accidentally deleted or tampered, this is the tool to use to restore it. Here are the steps to run the SFC utility:
- Open the command prompt with administrator privileges, as discussed at the beginning of the blog. Ensure you also have an internet connection as this process requires downloading the files directly from the internet if they are missing or corrupted. You can solve issues with unidentified network issues, as shown here. How to Fix Unidentified Network Issue in Windows 10
- In the command prompt console, type ‘DISM.exe /Online /Cleanup-image /Restorehealth’ and hit Enter.
- Wait for a success message. This process will take some time, so do not be impatient when you do not see anything happening.
- When the process finishes, again in the command prompt terminal, type or paste ‘sfc /scannow’ and press Enter. This process will also take some time, so again be patient until it finishes.
- Restart your computer and check if it has restored your MpCmdRun.exe and other problems that if any.
This is the last method we will talk about, and if it too does not work for you, I recommend reinstalling Windows again on your computer, or you can also just reset the operating system. To restore your system to a previous state, you must have created a restore point earlier; otherwise, use the recommended methods above.
To restore to a previous point:
- Click start and search ‘recovery.’ Press Enter or click on ‘Recovery.’
- In the new window, click on ‘Open system restore.’
- Then in the window that follows, check on ‘recommended restore’ and click on ‘Next.’
- Finally, in the next window, check and see if the location you chose to store your restore files when you created a restore point is the same as the one in the box. Then click ‘Finish.’ Wait for the process to complete and check if the issues are solved.
The MpCmdRun.exe program stands for malware protection command-line utility. It is a core process in Windows Defender, and therefore it’s recommended for you to make sure it is functioning properly and genuine. The process can do scans at all levels from the full scan, simple scan, file scan, etc. You need to specify the type of scan you want it to perform in the command line. There are many ways to solve the issues, some straightforward and others a bit complex, but they are easy to do. In this tutorial, we have tried to cover MpCmdRun.exe, how to use it, how to determine if it’s safe, and lastly, how to fix any issues arising from it.