What is Mpcmdrun.exe – Uses, Safe or Virus

  • Amar 
  • OS

Mpcmdrun.exe is an essential file of Windows OS and used by Windows Security. This process may use internet data but is not malware. It can be disabled if Mpcmdrun.exe is consuming the internet on regular basis.

Mpcmdrun.exe file information

What is Mpcmdrun.exe?

The Microsoft Malware Protection Command Line Utility, also known as MpCmdRun.exe, is an integrant of Microsoft Malware Protection and it is especially useful for users who wish to mechanize Windows Defender tasks.

File Size and Location

MpCmdRun.exe can be found in the C:\Program Files\Windows Defender folder and it usually takes up around 460 KB of space in Windows 10.

Quick Overview

File Name:MpCmdRun.exe
File Description:Microsoft Malware Protection Command Line Utility
Type:Executable Application
File Size:460 KB
File Version:4.12.16299.1004 (WinBuild.160101.0800)
Product Name:Microsoft® Windows® Operating System
Copyright:Microsoft Corporation

mpcmdrun.exe file location

Why Mpcmdrun.exe is consuming Internet data?

Many users have noticed that Mpcmdrun.exe consuming internet data and it automatically startup as soon as the PC turns on. This happens because Windows Defender (Mpcmdrun) file tries to download the updates at the system background. And usually, it downloads the updates for few minutes (depending on your net speed) and then atomically disappears.

You may ignore this issue as Mpcmdrun doesn’t use the internet connection on a regular basis. It just tries to connect to the server and find whether there are any updates available for Windows Defender.

However, if you are experiencing regular internet data consumption by Mpcmdrun.exe then you may consider disabling Windows Defender in Windows 10. You can find the difference between Kaspersky and Avast here.

Is Mpcmdrun a Malware?

Trojans can often infect a system under the guise of legitimate executables such as MpCmdRun.exe. If your file is malfunctioning, ensure that it is not a Trojan virus, and you can check by looking at the file’s location. If the file cannot be found in its official location, then you might have a virus on your system and you must remove it immediately.

The best way to figure out whether MpCMDRun.exe is malware or a safe file is to check its Digital Signatures.

1) Right-click on MpCMDRun.exe

2) Choose Properties

3) Click on the Digital Signatures tab

4) It should show below details like sh1 and sha256

mpcmdrun digital- signatures

If this information is there then mpcmdrun.exe is a safe file.

Sample Commands

To use Mpcmdrun utility effectively, you must run it as an administrator. You can do so by entering Command Prompt in the Windows Search bar, and then selecting the option Run as administrator.

This utility uses the following syntax:

MpCmdRun.exe [command] [-options]

i. Scan [-ScanType [<value>]] [-File <path> [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout <days>] [-Cancel]: Runs an examination for any malware. CpuThrottling operates according to the policy setup, but values for ScanType are as follows:

  • 0 – Default, following your setup.
  • 1- Quick Scan
  • 2- Full Scan
  • 3- Custom scan for the files and directories.

ii. Trace [-Grouping #] [-Level #]: Initiates diagnostic tracing.

iii. GetFiles [-SupportLogLocation <path>]: Retrieves support data.

iv. GetFilesDiagTrack: This command retrieves the supporting data, but outputs to a transient ‘DiagTrack’ folder.

v. RemoveDefinitions [-All]: Returns the connected Security intelligence to its default set or a previous backup copy.

vi. RemoveDefinitions [-DynamicSignatures]: Only omits the dynamically installed Security intelligence.

vii. RemoveDefinitions [-Engine]: Returns the preceding installed engine.

viii. SignatureUpdate [-UNC \| -MMPC]: It Verifies new available Security intelligence updates.

ix. Restore [-ListAll \| [[-Name <name>] [-All] \| [-FilePath <filePath>]] [-Path <path>]]: Returns or catalogues quarantined items.

x. AddDynamicSignature [-Path]: it simply loads the dynamic Security intelligence.

xi. ListAllDynamicSignatures: Catalogues the dynamic Security intelligence.

xii. RemoveDynamicSignature [-SignatureSetID]: Eliminates the dynamic Security intelligence.

xiii. CheckExclusion -path <path>: Checks whether or not a path is excluded.

xiv. ValidateMapsConnection: Confirms whether or not a network can communicate with the Windows Defender Antivirus cloud service. This command is only applicable to Windows 10.

Other similar files:


Leave a Reply

Your email address will not be published. Required fields are marked *