Command restart windows command line

Knowing how to run Microsoft Defender (formerly Windows Defender) from the command line can be very useful. Perhaps you’ve been locked out of its UI due to malware, are trying to run a scan from recovery media, or are using a GUI-less Windows Server install. In any of these situations, knowing a scan command or two can save you a lot of trouble.

Though Microsoft Defender is easier to control from the Windows Security app, command-line antivirus is also quite simple and presents many of the same options. Importantly, it also allows you to automate your anti-malware tasks if you wish. You could create a script to automatically perform a quick scan at a certain time, for example, or to perform the same scans across multiple PCs.

In this tutorial, we’ll be showing how to update Microsoft Defender with CMD, as well as how to perform a quick, full, or custom scan. By the end of it, you should have a good idea of how command-line antivirus works.

⚠️ Please note: The process described below is the same in Windows 11 as it is in Windows 10. However, bear in mind that we’ll be using screenshots from Windows 10, so your UI may look a little different. We’ll point out any changes you need to be aware of as they come up.

How to Check for Updates for Microsoft Defender in the Command Line

How to Perform a Quick Virus Scan with the CMD Scan Command

How to Perform a Full Virus Scan via a Microsoft Defender CMD Command

How to Perform a Custom Command Line AntiVirus Scan

How to Perform a Boot Sector Malware Scan with the Microsoft Defender Command Line Tool

How to Restore Quarantined Items via a Microsoft Defender CMD Command

How can I schedule regular Microsoft Defender scans using CMD?

Use Windows Task Scheduler to create a task that runs the appropriate MpCmdRun command at your desired frequency. This isn’t covered in the tutorial but leverages the commands shown.

What are the differences between dynamic signatures and regular updates?

Dynamic signatures are frequently updated definitions to respond to emerging threats, while regular updates are more comprehensive but less frequent updates to Defender’s threat database.

Can I use CMD to configure Microsoft Defender’s real-time protection settings?

CMD doesn’t directly allow you to change real-time protection settings. These settings are typically adjusted through the Windows Security app or Group Policy Editor.

How do I check the health and status of Microsoft Defender via CMD?

Run “MpCmdRun -GetFiles” in CMD. This generates a report with information about Defender’s health and status, including recent activity and detection statistics.

Is it possible to update Microsoft Defender offline using CMD?

Yes, you can download the latest update package on another computer, transfer it to the offline machine, and use CMD to apply the update manually.

How do I disable Microsoft Defender using CMD?

Disabling Defender via CMD is not recommended and typically requires Group Policy changes. However, it can be temporarily turned off via the Windows Security app.

Can CMD commands be used to manage Microsoft Defender on remote computers?

Directly managing Defender on remote computers via CMD isn’t straightforward. It usually involves remote desktop or network management tools.

How do I interpret the scan results provided by CMD?

The CMD output will list detected threats and actions taken. For detailed analysis, refer to the Defender security logs in the Windows Event Viewer.

Can I use CMD to add or remove exclusions in Microsoft Defender?

Adding or removing exclusions via CMD isn’t directly supported. Use the Windows Security app for managing exclusions.

How do I restore Microsoft Defender to its default settings using CMD?

There’s no direct CMD command to reset Defender to default settings. This typically requires manual adjustments in the Windows Security app.

Is it possible to use CMD to view the update history of Microsoft Defender?

CMD doesn’t provide a direct way to view update history. This information can be found in the Windows Security app under the virus & threat protection updates section.

Can I use CMD to check which version of Microsoft Defender I am running?

Yes, navigate to the Defender folder in CMD and run “MpCmdRun -GetFiles”; this generates a report that includes version information.

How do I troubleshoot Microsoft Defender issues using CMD?

Use “MpCmdRun -GetFiles” to generate a detailed report for troubleshooting. For more complex issues, Windows Event Viewer or the Security app may provide additional insights.

Can CMD be used to manage Microsoft Defender’s cloud-based protection?

Managing cloud-based protection settings is not directly possible through CMD. These settings are typically configured in the Windows Security app.

Is there a way to use CMD to view all currently active Defender settings?

CMD doesn’t provide a comprehensive view of all active Defender settings. For a complete overview, use the Windows Security app or Group Policy Editor.

Related: How to Exclude a File or Folder from Microsoft Defender Scans

Microsoft Defender, formerly known as Windows Defender is incredibly useful for a free tool, providing Windows 10 users with competitive anti-virus technology and protecting against rootkits, ransomware, unwanted programs, and more. However, occasionally the program will keep flagging a file or folder that you know is safe. In these cases, it’s useful to know how to exclude a folder from Microsoft Defender scans.

Картинка с сайта: winbuzzer.com

Last Updated on November 7, 2024 11:13 pm CET

on April 21, 2009

shutdown /r

shutdown /r /t timeout_in_seconds

shutdown /s

shutdown /a

shutdown /r /f

shutdown /i

shutdown /r /c "This is the reason for the reboot of the computer"

wmic os where Primary='TRUE' reboot

Today, we are going to show you different methods to Enable/Disable Windows Defender Antivirus Service aka WinDefend. The first and foremost work of this service is to protect your PC from detrimental malware and virus attacks. It’s a Win32 service and gets installed automatically when you install the Windows 11 or 10 operating system. Hence, there is no hassle to download it manually. The location of WinDefend service is %ProgramFiles%\Windows Defender\MsMpEng.exe. If it is changed, damaged or deleted, you have no way left rather than restoring its original version from Windows 10 installation media.

Like other services, Windows Defender Antivirus Service functions as “LocalSystem”. For this, it has its own process which is MsMpEng.exe. The startup type of WinDefend service remains Automatic from when it gets installed. As a result, the service can initiate its operation automatically when the operating system starts. But if anything goes wrong, it fails to start. Mostly it happens when Remote Procedure Call service is stopped or disabled. In other cases, you can inspect Event Log as the failure details get recorded there.

Ways to Enable/Disable Windows Defender Antivirus Service in Windows 11 and 10

Here is How to Enable/Disable Windows Defender Antivirus Service in Windows 11 or 10 [WinDefend] –

1] Most Convenient way – Use Service console

Step-1: Press Windows and Q keyboard shortcuts to invoke Search bar and then type services in the given field.

Step-2: When the result shows up, hit Enter to open Services app.

Step-3: In the running console, scroll down to locate Windows Defender Antivirus Service.

Step-4: Once found, either double-click or right-click on the same and select Properties.

Step-5: A new wizard will come up with General tab opened. Change the Startup type to either Automatic or Manual using its drop-down menu.

Step-6: To enable Windows Defender Antivirus Service, click the Start button located under Service status.

Step-7: If you want to disable the same WinDefend service, simply hit the Stop button.

Step-8: Lastly, click on Apply and then OK to save the changes.

2] Run Command Prompt to enable/disable Windows Defender Antivirus Service

• Right-click on Start button and select Run from the Win+X menu.
• Type cmd.exe in the text field and thereafter press Shift+Ctrl+Enter hotkeys together.
• A UAC will prompt up, click Yes to run elevated Command Prompt.
• In the black window, type preferred command and hit Enter to change the startup type of WinDefend service –

Automatic –

REG add “HKLM\SYSTEM\CurrentControlSet\services\WinDefend” /v Start /t REG_DWORD /d 2 /f

Manual –

REG add “HKLM\SYSTEM\CurrentControlSet\services\WinDefend” /v Start /t REG_DWORD /d 3 /f

• Now, run the following command in the same black window to enable Windows Defender Antivirus Service –

net start WinDefend

• In order to disable Windows Defender Antivirus Service, execute the below command –

REG add “HKLM\SYSTEM\CurrentControlSet\services\WinDefend” /v Start /t REG_DWORD /d 4 /f

3] Modify the Registry key of WinDefend service

• Press Win+R hotkeys at one go to open the Run dialog box.
• Type regedit in the provided area and hit Enter.
• A UAC will come into the view, click Yes button to give consent.
• In Registry Editor window, navigate to the following path on its left sidebar –

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend

• Once you reach there, you will see Start DWORD in the right pane. Right-click on it and select Modify or simply double-click for the same purpose.
• In the Value data box, put preferred value followed by clicking OK button.

Automatic – 2

Manual – 3

Automatic (Delayed Start) – 2

Disabled – 4

4] Use System Configuration

Step#1: Press Windows key to open up the Start menu. Write down msconfig and hit Enter when you see the result.

Step#2: When System Configuration wizard rolls out in the display, shift to its Services tab.

Step#3: Scroll down a bit to locate Windows Defender Antivirus Service from the available list.

Step#4: After getting the same, do a click on the checkbox against it to put a tick mark.

Step#5: Later on, click on Apply and then OK button to implement the modifications of the service.

Step#6: If you want to disable the service, just clear the tick mark you put there.

Step#7: To make the changes effective, restart Windows 10 PC.

That’s all!!!

Microsoft Defender is a built-in antivirus software that comes pre-installed on all Windows 10 and 11 editions. Users can manage the Microsoft Defender antivirus from the Windows Security app GUI or using the PowerShell command line. This guide explains how to use PowerShell to enable/disable Microsoft Defender on Windows, how to manage various settings, and scan the computer for threats and viruses.

How to Check the Microsoft Defender Status with PowerShell

Only Windows desktop operating systems (such as Windows 11 or 10) have Microsoft Defender antivirus pre-installed. Open an elevated PowerShell prompt and check the current status of Microsoft Defender with the command:

Get-MpComputerStatus

Or quickly check if Microsoft Defender is on, which protection settings are enabled, and when antivirus definitions were last updated:

Get-MpComputerStatus | Select-Object -Property Antivirusenabled,AMServiceEnabled,AntispywareEnabled,BehaviorMonitorEnabled,IoavProtectionEnabled,NISEnabled,OnAccessProtectionEnabled,RealTimeProtectionEnabled,IsTamperProtected,AntivirusSignatureLastUpdated

Картинка с сайта: theitbros.com

If Defender Antivirus is disabled, check the following service statuses on a computer:

• Microsoft Defender Antivirus Service (WinDefend)
• Windows Security Service (SecurityHealthService),
• Security Center (wscsvc)

Get-Service Windefend, SecurityHealthService, wscsvc| Select Name,DisplayName,Status

Картинка с сайта: theitbros.com

How to Disable or Enable Microsoft Defender Protection using PowerShell

In Windows 10 and 11, you can temporarily pause Microsoft Defender protection or turn it off completely.

How to Temporarily Disable (Pause) the Defender Antivirus Protection on Windows

There is a built-in security feature called Tamper protection that is enabled by default in all modern versions of Windows (starting with build 21H2). This feature prevents users from modifying Defender security features through PowerShell, registry settings, or Group Policy.

Check the Tamper Protection state:

Get-MpComputerStatus | select IsTamperProtected

Картинка с сайта: theitbros.com

Tamper Protection can only be disabled from the Windows Security UI. Go to “Virus & Threat Protection” > click “Manage Settings” > scroll down to “Tamper Protection” and move the slider to the “Off” position.

Картинка с сайта: theitbros.com

Tamper protection is off. Your device may be vulnerable.

Картинка с сайта: theitbros.com

Now disable Microsoft Defender real-time protection with PowerShell:

Set-MpPreference -DisableRealtimeMonitoring $true

Disable the cloud-delivered protection:

Set-MpPreference -MAPSReporting Disabled

Картинка с сайта: theitbros.com

This will suspend antivirus protection in Windows until the next restart.

To restore real-time protection, run:

Set-MpPreference -DisableRealtimeMonitoring $false

Turn on cloud-delivered protection:

Set-MpPreference -MAPSReporting Advanced

Permanently Turn Off Microsoft Defender on Windows 11 or 10

If you have a third-party certified AV solution installed on the computer, Microsoft Defender antivirus will automatically switch to passive EDR or block mode. But in some cases, you may to completely disable Microsoft Defender on a computer without installing third-party AV.

In earlier versions of Windows, the Microsoft Defender Antivirus can be disabled using the GPO option Turn off Windows Defender Antivirus (Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus) or with the DisableAntiSpyware = 1 registry parameter. However, these options no longer completely disable Microsoft Defender Antivirus in the latest Windows 10 and 11 builds.

Картинка с сайта: theitbros.com

The only way to completely disable Microsoft Defender is to restart your computer in Safe Mode and prevent the Defender services from starting.

1. To boot Windows into the Safe Mode, run:

   bcdedit /set {current} safeboot minimal
   
   shutdown -r -t 0

   

   Картинка с сайта: theitbros.com

2. Open the Registry Editor (regedit.exe) after booting into Safe Mode
3. Then open the following registry keys one by one and change the value of the Start registry parameter in each key to 4
   
4. Now turn off the Safe Mode Boot mode and restart Windows:

   bcdedit /deletevalue {current} safeboot

   Sign into Windows with your account and check that Microsoft Defender is now disabled.

   

   Картинка с сайта: theitbros.com

Картинка с сайта: theitbros.com

Uninstall Windows Defender on Windows Server 2019/2016 using PowerShell

Microsoft Defender is not pre-installed by default on Windows Server 2019/2016 platforms. It can be installed as an additional feature:

Install-WindowsFeature -Name Windows-Defender

If you want to uninstall Windows Defender on a Windows Server, remove the feature:

Uninstall-WindowsFeature -Name Windows-Defender

Manage Microsoft Defender Using PowerShell

Microsoft.SecHealthUI is a graphical UWP app that can be used for the management of Microsoft Defender on Windows 10 and 11 (available via Settings > Privacy & Security > Windows Security or with the ms-settings:windowsdefender command).

Картинка с сайта: theitbros.com

All of the Microsoft Defender configuration settings that are available in the Windows Security app can be performed using the PowerShell cmdlets of the built-in Defender module. List available cmdlets in this module:

Get-Command -Module Defender

Картинка с сайта: theitbros.com

You can get help about a specific cmdlet from the Defender module:

Get-Help Start-MpScan –Full

Or only list examples:

Get-Help Add-MpPreference -Examples

The following are the most common Microsoft Defender management tasks that you can perform from the PowerShell prompt:

Turn certain Microsoft Defender security options on or off

The following Microsoft Defender features are disabled by default:

• DisableCatchupFullScan.
• DisableCatchupQuickScan.
• DisableCpuThrottleOnIdleScans.
• DisableEmailScanning.
• DisableRemovableDriveScanning.
• DisableRestorePoint.
• DisableScanningMappedNetworkDrivesForFullScan.
• EnableFileHashComputation.
• EnableFullScanOnBatteryPower.
• EnableLowCpuPriority.

For example, enable automatic scanning of removable drives:

Set-MpPreference -DisableRemovableDriveScanning $false

Картинка с сайта: theitbros.com

Disable real-time scanning of archive files (files (RAR, ZIP, CAB):

Set-MpPreference -DisableArchiveScanning $True

Enable protect against unwanted programs (Potentially Unwanted Program — PUP, Potentially Unwanted Application — PUA):

Set-MpPreference -PUAProtection 1

Manage Microsoft Defender antivirus exclusions

• Add paths to the antivirus exclusions:

  Add-MpPreference -ExclusionPath C:\Video, C:\install

• Remove a folder exclusion:

  Remove-MpPreference -ExclusionPath C:\install

• Exclude process from real-time antivirus scanning:

  Set-MpPreference -ExclusionProcess "word.exe", "vmwp.exe"

• Exclude specific file extensions from Microsoft Defender scan:

  Set-MpPreference -ExclusionExtension *.mp3,*.MP4,*.wav,*.EDB

Disable Microsoft Defender user interface (UI)

Set-MpPreference -UILockdown $true

‘Virus and threat protection’ section will be hidden from the Windows Security UI.

Картинка с сайта: theitbros.com

Update Microsoft Defender signatures

Update-MpSignature

Update antivirus definitions from a shared network folder on your LAN. Download the necessary definition update files and set an UNC path as the default update source:

Set-MpPreference -SignatureDefinitionUpdateFileSharesSources \\DESKTOP-V20E3PO\Updates

Update the virus and malware definitions:

Update-MpSignature -UpdateSource FileShares

Update-MpSignature

Run an on-demand antivirus scan

Start-MpScan -ScanType CustomScan -ScanPath ”C:\Program Files”

Картинка с сайта: theitbros.com

Perform a full computer scan:

Start-MpScan -ScanType FullScan

Or quick threats scan:

Start-MpScan -ScanType QuickScan

Run an offline scan by booting into an isolated WinPE environment.

Start-MpWDOScan

Картинка с сайта: theitbros.com

View threat history

Get-MpThreat

List of active and pass malware detections:

Get-MpThreatDetection

Картинка с сайта: theitbros.com

To remove all active threats:

Remove-MpThreat