Run Malwarebytes From Command Prompt

Jun 27, 2018

Since Windows 8, Windows Defender comes pre-installed in Microsoft’s operating system, thus offering malware protection by default and without the need for third-party solutions.

Windows Defender has further evolved in Windows 10, and in the April 2018 Update it’s the key part of the so-called Windows Defender Security Center, a security hub grouping all features that are related in any way to your system’s protection against cyber-threats.

For many users in general, and for power users in particular, Windows Defender is just the right choice when it comes to malware protection, especially because Microsoft is making big efforts to bring it in line with third-party products. Real-time protection, daily definition updates, and more improvements landing with new OS feature updates are all part of Windows Defender’s security arsenal.

There are moments, however, when a malware infection disables the Windows Defender UI or makes it impossible to run a scan from its interface. Because it’s a native product, Windows Defender can also be used from the command line to run scans and perform updates.

How to update Windows Defender from the command line

All these commands rely on MpCmdRun.exe, the Microsoft Malware Protection engine process that can be launched from the Command Prompt. There’s a standard path that we’re going to use for each command, as follows:

%ProgramFiles%\Windows Defender\MpCmdRun.exe

If you installed Windows 10 on a partition other than C: or if you changed the location of Windows Defender, you need to modify the path above accordingly.

In order to update Windows Defender from the command line, first launch Command Prompt by just typing cmd in the Start menu and then launch it as administrator. Send the following command to start the update process (make sure you keep the quotes):

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate

How to scan your system for malware from the command line

Starting a scan with Windows Defender from Command Prompt comes down to the same path as mentioned above, but this time with a different parameter called ScanType. There are three different versions of ScanType, as follows:
ScanType 1 – Quick Scan
ScanType 2 – Full Scan
ScanType 3 – Custom scan

The command that you’re going to use for ScanType 1 and 2 is the following (make sure you replace the X placeholder with the digit of the ScanType you want to use):

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType X

Running a custom scan also involves defining the location that you want to scan using the File parameter. Scanning a folder called bgdftw located on the main C: drive should lead to the following command:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File C:\bgdftw

Just make sure that you correctly define the path to be scanned, and if it returns an error, double-check the name of the folder you pointed to. You can also have Windows Defender scan just a specific file in a folder by simply providing the full path to the file including its extension.

Additionally, you can also use the command line to start a Windows Defender scan of the boot sector. This is particularly helpful when malware infects the boot sector and starts before antivirus solutions, which lets it block any removal process and keep the system infected. In this case, the command for the boot sector scan is the following:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType -BootSectorScan
Any of these commands can be used for scripts or BAT files that can be launched to perform automated scans on one or more computers in a network. They can be further mixed for more effective malware protection or removal in case of an existing infection hitting a bigger number of machines.
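
The update and scan commands above, chained into one script that can be saved as a .ps1 file and pushed to several machines. This is an added example, not part of the original article; the -Path parameter and the Invoke-MpCmdRun helper are names introduced here, and the exit-code meanings are the ones given in MpCmdRun's own usage text.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
param(
    [ValidateSet(1, 2, 3)][int]$ScanType = 1,   # 1 quick, 2 full, 3 custom
    [string]$Path                                # required for ScanType 3
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at '$mpCmdRun'; adjust the path for this system."
}
if ($ScanType -eq 3 -and -not $Path) {
    throw 'ScanType 3 (custom scan) needs -Path pointing at a file or folder.'
}

function Invoke-MpCmdRun {
    param([string[]]$Arguments)
    # Splatting an array hands each element to the program as one argument,
    # so a path containing spaces stays intact without manual quoting.
    & $mpCmdRun @Arguments | Out-Host
    return $LASTEXITCODE
}

# Refresh definitions first; a failed update is reported but does not stop the scan.
$updateCode = Invoke-MpCmdRun -Arguments @('-SignatureUpdate')
if ($updateCode -ne 0) {
    Write-Warning "Signature update exited with code $updateCode; scanning with current definitions."
}

$scanArgs = @('-Scan', '-ScanType', "$ScanType")
if ($ScanType -eq 3) { $scanArgs += @('-File', $Path) }
$scanCode = Invoke-MpCmdRun -Arguments $scanArgs

# 0: nothing found, or everything found was remediated.
# 2: malware not remediated, user action needed, or a scanning error.
switch ($scanCode) {
    0 { Write-Output 'Scan done: nothing found, or everything found was remediated.' }
    2 { Write-Warning 'Scan done: threats remain, user action is needed, or the scan hit an error.' }
    default { Write-Warning "MpCmdRun exited with code $scanCode." }
}
exit $scanCode
```

Because the script exits with the scan's own return code, a scheduler or remote-management tool can tell which machines need follow-up.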

Short bio

PUM.Optional.DisallowRun is Malwarebytes’ detection name for potentially unwanted modifications (PUMs) in the Windows registry where users are prevented from running specific computer programs that could aid them in manually removing malware, for example the Registry Editor, the Command Prompt, or the Microsoft Management Console.

System modifications

The following registry entry is added:

Under:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

Entry:
{random 1 digit number}={executable file name of computer program}
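
A read-only check for this modification, listing what the DisallowRun key blocks for the current user. This is an added example, not Malwarebytes' own code; the Get-DisallowRunEntry function and the watch list are constructed here, and the script changes nothing in the registry.

```powershell
# Added example: list DisallowRun block-list entries for the current user.
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$listKey     = Join-Path $explorerKey 'DisallowRun'

# Constructed watch list: the tools named above as typical targets, plus MpCmdRun.exe.
$watchList = 'regedit.exe', 'cmd.exe', 'mmc.exe', 'MpCmdRun.exe'

function Get-DisallowRunEntry {
    if (-not (Test-Path -LiteralPath $listKey)) { return }
    $key = Get-Item -LiteralPath $listKey
    foreach ($name in $key.GetValueNames()) {
        $exe = [string]$key.GetValue($name)
        [pscustomobject]@{
            ValueName   = $name                      # the numeric entry name
            Executable  = $exe                       # the blocked program
            OnWatchList = $watchList -contains $exe  # -contains ignores case
        }
    }
}

# Windows enforces the list only when the DisallowRun DWORD under Explorer is 1.
$policy   = Get-ItemProperty -LiteralPath $explorerKey -Name DisallowRun -ErrorAction SilentlyContinue
$enforced = $policy.DisallowRun -eq 1

$entries = @(Get-DisallowRunEntry)
if ($entries.Count -eq 0) {
    Write-Output 'No DisallowRun entries found for this user.'
} else {
    $entries | Format-Table -AutoSize | Out-Host
    Write-Output "Policy enforced: $enforced"
    $hits = @($entries | Where-Object OnWatchList)
    if ($hits.Count -gt 0) {
        Write-Warning "$($hits.Count) entry(ies) block tools used for malware cleanup."
    }
}
```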

Remediation

Malwarebytes can modify this registry value data back to its Windows default setting without user interaction.

Also, we advise users to do a full system scan as PUM.Optional.DisallowRun could have been added to the system by malware or a PUP.

Add an exclusion

When a Potentially Unwanted Modification (PUM) is detected on your computer, Malwarebytes for Windows does not know whether it was authorized. Optimization software, malware, and Potentially Unwanted Programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted by design.
To have Malwarebytes for Windows ignore a PUM, you must add the PUM to the Allow list. Here’s how to do it.

  1. When a PUM appears in the list of Scan results.
  2. Uncheck the entry or entries related to the PUM.
  3. Then click on Next.
  4. You will see a prompt giving you several options.
  5. Choosing Always ignore will add the PUM to the Allow List.
  6. You can remove them there when you decide they should no longer be ignored.
  7. When the PUM is on the Allow list it will no longer show up in your Scan results.