From 089af5044ecf90419b60c66cb91fed5c88dbe31a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 15:30:44 +1000 Subject: [PATCH 1/9] new topic file created, added in TOC --- windows/keep-secure/TOC.md | 1 + ...md-scan-windows-defender-for-windows-10.md | 60 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 56f8c27db1..b169a67beb 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -428,6 +428,7 @@ ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md) #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) +#### [Run a Windows Defender scan from the command line] (run-cmd-scan-windows-defender-for-windows-10.md) #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md new file mode 100644 index 0000000000..aac8e0f470 --- /dev/null +++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md 
@@ -0,0 +1,60 @@ +--- +title: Run a scan from the command line in Windows Defender in Windows 10 (Windows 10) +description: IT professionals can run a scan using the command line in Windows Defender in Windows 10. +keywords: scan, command line, mpcmdrun, defender +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: mjcaparas +--- + +# Run a Windows Defender scan from the command line + +**Applies to:** + +- Windows 10 + +IT professionals can use a command-line utility to run a Windows Defender scan. + +The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe + +This utility can be handy when you want to automate the use of Windows Defender. + +## Before you start + +To complete the procedures in this scenario: +- You must have administrator credentials +[CHECK WITH RAM IS THIS IS ACCURATE] + + +**To run a full system scan from the command line** + +1. Click **Start**, type **cmd**, and press **Enter**. +2. Navigate to _%ProgramFiles%\Windows Defender_ and enter the following command, and press **Enter**: + +``` +C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2 +``` +The full scan start. When the scan completes, you'll see a message indicating that the scan is finished. + + +The utility also provides other commands that you can run: + +``` +MpCmdRun.exe \[command] [-options] +``` + +Command | Description +:---|:--- +\- ? 
/ -h | Displays all available options for the tool +\-Scan [-ScanType #] [-File [-DisableRemediation] [-BootSectorScan]][-Timeout ] | Scans for malicious softare +\-Trace [-Grouping #] [-Level #]| Starts diagnostic tracing +\-GetFiles | Collects support information +\-RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures +\-AddDynamicSignature [-Path] | Loads a dyanmic signature +\-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures +\-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature +\-EnableIntegrityServices | Enables integrity services +\-SubmitSamples | Submit all sample requests \ No newline at end of file From ba84f42c2b2f7440d1233c0074d8c7fd5bd5d546 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 15:52:59 +1000 Subject: [PATCH 2/9] remove space from TOC --- windows/keep-secure/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index b169a67beb..df60443abe 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -428,7 +428,7 @@ ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md) #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) -#### [Run a Windows Defender scan from the command line] (run-cmd-scan-windows-defender-for-windows-10.md) +#### [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md) #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) 
From 9c85b83432cd449151a65b68d1ce20a582bff9ba Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 15:58:31 +1000 Subject: [PATCH 3/9] minor edits --- .../run-cmd-scan-windows-defender-for-windows-10.md | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md index aac8e0f470..c9e4438386 100644 --- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md +++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md @@ -18,17 +18,10 @@ author: mjcaparas IT professionals can use a command-line utility to run a Windows Defender scan. -The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe +The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_ This utility can be handy when you want to automate the use of Windows Defender. -## Before you start - -To complete the procedures in this scenario: -- You must have administrator credentials -[CHECK WITH RAM IS THIS IS ACCURATE] - - **To run a full system scan from the command line** 1. Click **Start**, type **cmd**, and press **Enter**. @@ -37,7 +30,7 @@ To complete the procedures in this scenario: ``` C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2 ``` -The full scan start. When the scan completes, you'll see a message indicating that the scan is finished. +The full scan will start. When the scan completes, you'll see a message indicating that the scan is finished. The utility also provides other commands that you can run: From bb360441b3dfc8d8abbe01e5112cff79cf775e1e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 15:59:00 +1000 Subject: [PATCH 4/9] remove wrong character in command --- .../keep-secure/run-cmd-scan-windows-defender-for-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md index c9e4438386..9eb59d5dc1 100644 --- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md +++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md @@ -36,7 +36,7 @@ The full scan will start. When the scan completes, you'll see a message indicati The utility also provides other commands that you can run: ``` -MpCmdRun.exe \[command] [-options] +MpCmdRun.exe [command] [-options] ``` Command | Description From 1eb2e56e63e4895d7d5202e1ae39cea6bdf4cd0c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 16:12:46 +1000 Subject: [PATCH 5/9] remove topic to fix link --- windows/keep-secure/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index df60443abe..56f8c27db1 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -428,7 +428,6 @@ ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md) #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) -#### [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md) #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) From 3088b2740d14378d1cb944e746ea917f04fb7c70 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 16:17:21 +1000 Subject: [PATCH 6/9] put link to new topic --- windows/keep-secure/TOC.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 56f8c27db1..df60443abe 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -428,6 +428,7 @@ ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md) #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) +#### [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md) #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) From 677ad59c0de5f2f846b5252cd8dfe60659963cd1 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 16:57:33 +1000 Subject: [PATCH 7/9] Update based on Omri feedback --- ...dpoints-windows-defender-advanced-threat-protection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index 8ac1ba2c6b..78366779a6 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md 
@@ -25,7 +25,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf > **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later. -1. Open the GP configuration package .zip file (*WindowsATPOnboardingPackage_GroupPolicy.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip *) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Client onboarding** on the **Navigation pane**. 
@@ -52,13 +52,13 @@ For additional settings, see the [Additional configuration settings section](add ## Configure with System Center Configuration Manager -1. Open the SCCM configuration package .zip file (*WindowsATPOnboardingPackage_ConfigurationManager.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Client onboarding** on the **Navigation pane**. b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file. -2. Copy the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a folder called *WindowsDefenderATPOnboardingPackage* and the file *WindowsDefenderATPOnboardingScript.cmd*. 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. 
@@ -76,7 +76,7 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You a. Click **Client onboarding** on the **Navigation pane**. - b. Select **Manually on-board local machine**, click **Download package** and save the .zip file. + b. Select **Local Script**, click **Download package** and save the .zip file. 2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATPOnboardingScript.cmd*. From 3fe0c958429d056169b7cf3b0b0f83f990c54bd3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 24 May 2016 17:15:06 +1000 Subject: [PATCH 8/9] remove extra space, edit a sentence --- ...e-endpoints-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index 78366779a6..5ba1e38a0b 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md 
@@ -25,7 +25,7 @@ Using the GP configuration package ensures your endpoints will be correctly conf > **Note**  To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later. -1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip *) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Client onboarding** on the **Navigation pane**. @@ -58,7 +58,7 @@ For additional settings, see the [Additional configuration settings section](add b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file. -2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a folder called *WindowsDefenderATPOnboardingPackage* and the file *WindowsDefenderATPOnboardingScript.cmd*. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file called *WindowsDefenderATPOnboardingScript.cmd*. 3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682112.aspx#BKMK_Import) topic. From 0f940dccdbc495287a6d77e75cd25294daabe243 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Tue, 24 May 2016 17:17:18 +1000 Subject: [PATCH 9/9] add full stop --- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 09251bb1f6..9199881438 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -38,7 +38,7 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi **Check the onboarding state in Registry**: -1. Click **Start**, type **Run**, and press **Enter** +1. Click **Start**, type **Run**, and press **Enter**. 2. From the **Run** dialog box, type **regedit** and press **Enter**.
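Review bot: In PATCH 1/9, the new run-cmd-scan-windows-defender-for-windows-10.md gives the full-scan command as `C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2` with no quotes around a path that contains spaces, so cmd.exe splits it at the first space and tries to run `C:\Program` rather than MpCmdRun.exe. Quote the executable path, as in `"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2`, or, since step 2 already has the reader navigate to the folder, show only `MpCmdRun.exe -Scan -ScanType 2`. In the same hunk, the draft marker `[CHECK WITH RAM IS THIS IS ACCURATE]` should be resolved before the topic is published, the table has the typos `softare` and `dyanmic`, and `-File` and `-Timeout` in the `-Scan` row show no argument placeholder.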
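Review bot: In PATCH 3/9, the first hunk closes the italic span on the location line but keeps `%Program Files%`, which is not the environment variable's name; step 2 of the same topic uses `%ProgramFiles%`, so the line should read `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. The same hunk deletes the whole "Before you start" section instead of answering the open question in it, which leaves the topic silent on whether the scan has to be started from an elevated prompt. Confirm the requirement and restate it, or say in the commit message that none applies; "minor edits" does not cover removing a prerequisite.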
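Review bot: PATCH 5/9 deletes the TOC entry for run-cmd-scan-windows-defender-for-windows-10.md and PATCH 6/9 re-adds the identical line (the TOC.md index goes from df60443abe to 56f8c27db1 and back), so the pair changes nothing, and neither commit message says which link problem was being worked around. Squash both, together with the space fix in PATCH 2/9, into PATCH 1/9 so the series adds the TOC entry once in its final form.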
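Review bot: In PATCH 7/9, the hunks at -25,7 and -52,13 give the Group Policy package and the System Center Configuration Manager package the same file name, `WindowsDefenderATPOnboardingPackage.zip`, where the removed lines used the distinct names `WindowsATPOnboardingPackage_GroupPolicy.zip` and `WindowsATPOnboardingPackage_ConfigurationManager.zip`. If the portal really serves both under one name, add a sentence telling administrators to save each download to its own folder, so the package for one deployment method is not imported through the other. The new Group Policy line also has a stray space before the closing asterisk (`.zip *`), which breaks the emphasis; PATCH 8/9 removes it, and that fix belongs in this patch.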