How to Run a Windows Defender Scan in Batch Script
Windows Defender (Microsoft Defender Antivirus) is the built-in security shield for all modern Windows installations. While most users interact with it through the graphical "Windows Security" app, administrators and power users can control the antivirus engine via the command line using a tool called MpCmdRun.exe. This allows you to schedule scans, automate system cleanup after a suspicious event, or create a simple "Security Maintenance" Batch script that a user can run with one click.
This guide explains how to trigger Quick and Full scans programmatically.
Why Automate Defender Scans?
- Scheduled Maintenance: Forcing a deep scan overnight without user interaction.
- Incident Response: Automatically scanning a specific folder (like Downloads) as soon as a Batch script detects new files.
- System Health Checks: Including a security scan as part of a weekly PC tune-up script.
MpCmdRun.exe is part of every Windows 10 and 11 installation. It is located in the Windows Defender folder within Program Files.
Locating the Defender Engine
Depending on your version of Windows, the executable is usually found in:
"C:\Program Files\Windows Defender\MpCmdRun.exe"
On newer builds, the engine may be in a versioned subfolder under ProgramData. The scripts below dynamically locate the correct path.
Method 1: Running a Quick Scan
A Quick Scan looks at the most common locations where malware hides (Registry, memory, and system folders). It usually takes less than 5 minutes.
@echo off
setlocal
:: Dynamically locate MpCmdRun.exe
set "MP_PATH="
if exist "%ProgramFiles%\Windows Defender\MpCmdRun.exe" (
    set "MP_PATH=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
) else (
    for /f "delims=" %%f in ('dir /s /b "%ProgramData%\Microsoft\Windows Defender\Platform\MpCmdRun.exe" 2^>nul') do set "MP_PATH=%%f"
)
if not defined MP_PATH (
    echo [ERROR] Could not locate MpCmdRun.exe.
    pause
    exit /b 1
)
echo [PROCESS] Starting Windows Defender QUICK SCAN...
echo [INFO] Using: %MP_PATH%
echo.
"%MP_PATH%" -Scan -ScanType 1
:: Save the exit code before any later command can overwrite it
set "SCAN_RC=%errorlevel%"
:: Exit code 2 also covers threats that still need action and scan errors
if %SCAN_RC% equ 0 (
    echo [SUCCESS] Quick scan completed. No threats found.
) else if %SCAN_RC% equ 2 (
    echo [WARNING] Scan completed but threats were detected.
    echo [ACTION] Open Windows Security to review and take action.
) else (
    echo [ERROR] Scan encountered an error. Code: %SCAN_RC%
)
pause
Method 2: Running a Full Scan
A Full Scan checks every file on every drive and looks inside archive files (zip/rar). It can take several hours depending on your disk size.
@echo off
setlocal
:: Locate the Defender engine
set "MP_PATH="
if exist "%ProgramFiles%\Windows Defender\MpCmdRun.exe" (
    set "MP_PATH=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
) else (
    for /f "delims=" %%f in ('dir /s /b "%ProgramData%\Microsoft\Windows Defender\Platform\MpCmdRun.exe" 2^>nul') do set "MP_PATH=%%f"
)
if not defined MP_PATH (
    echo [ERROR] Could not locate MpCmdRun.exe.
    pause
    exit /b 1
)
echo [PROCESS] Starting COMPREHENSIVE FULL SCAN...
echo [INFO] This will take a long time. Please leave the window open.
echo.
"%MP_PATH%" -Scan -ScanType 2
:: Save the exit code before the next command runs
set "SCAN_RC=%errorlevel%"
echo.
if %SCAN_RC% equ 0 (
    echo [SUCCESS] Full scan completed. No threats found.
) else if %SCAN_RC% equ 2 (
    echo [WARNING] Scan completed but threats were detected.
    echo [ACTION] Open Windows Security to review and take action.
) else (
    echo [ERROR] Scan encountered an error. Code: %SCAN_RC%
)
pause
Method 3: Scanning a Specific Directory
If you only want to check a specific folder (like a USB drive), use -ScanType 3 along with the -File flag.
@echo off
setlocal
:: Folder to scan; change this to the path you want checked
set "TARGET=C:\Temp"
:: Locate the Defender engine
set "MP_PATH="
if exist "%ProgramFiles%\Windows Defender\MpCmdRun.exe" (
    set "MP_PATH=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
) else (
    for /f "delims=" %%f in ('dir /s /b "%ProgramData%\Microsoft\Windows Defender\Platform\MpCmdRun.exe" 2^>nul') do set "MP_PATH=%%f"
)
if not defined MP_PATH (
    echo [ERROR] Could not locate MpCmdRun.exe.
    pause
    exit /b 1
)
:: Verify target directory exists
if not exist "%TARGET%" (
    echo [ERROR] Target folder does not exist: %TARGET%
    pause
    exit /b 1
)
echo [PROCESS] Scanning targeted folder: %TARGET%
echo.
"%MP_PATH%" -Scan -ScanType 3 -File "%TARGET%"
:: Save the exit code before any later command can overwrite it
set "SCAN_RC=%errorlevel%"
if %SCAN_RC% equ 0 (
    echo [SUCCESS] Folder scan completed. No threats found.
) else if %SCAN_RC% equ 2 (
    echo [WARNING] Threats were detected in %TARGET%.
) else (
    echo [ERROR] Scan encountered an error. Code: %SCAN_RC%
)
pause
Common Pitfalls and How to Avoid Them
Administrative Rights
While some basic status commands work without elevation, running a system-wide scan reliably requires Administrator privileges to access restricted system files.
Wrong Way:
:: Running as a standard user
MpCmdRun.exe -Scan
:: May fail to scan protected C:\Windows folders.
Path Deviations
In newer builds of Windows 10/11, the Defender engine might be updated into a subfolder with a version number (e.g., ProgramData\Microsoft\Windows Defender\Platform\<version>).
Never hardcode the path to MpCmdRun.exe. Use the dynamic detection approach shown in the scripts above: check the standard Program Files\Windows Defender location first, then search the ProgramData\Microsoft\Windows Defender\Platform directory tree as a fallback.
Best Practices for Security Automation
- Update Signatures First: Always update your virus definitions before starting a scan to ensure you catch the latest threats:
"%MP_PATH%" -SignatureUpdate
- Use Silent Mode: If running in the background, you can suppress most output, though the CMD window will still show the scan progress.
- Check for Threats: After the scan, you can check the logs or use MpCmdRun.exe -GetDeviceHealth to see if the overall system status is "Clean."
Running a Full Scan will significantly slow down your CPU and Disk I/O. For automated scripts, it is best to use Quick Scan during the day and schedule Full Scans for after-hours.
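An unattended wrapper that applies the points above (elevation check, signature update before the scan, exit code kept for later review), added here as an example and not one of the original scripts. The log path, the variable names LOG, UPD_RC and SCAN_RC, and the exit code 5 for "not elevated" are assumptions of this example.

```batch
@echo off
setlocal
:: Added example: unattended scan wrapper (no pause) for Task Scheduler.
:: LOG is an assumed location; change it to suit your environment.
set "LOG=%ProgramData%\DefenderScan.log"

:: 1) Refuse to run without elevation. "net session" fails for non-admins
::    (it also needs the Server service, which is running by default).
net session >nul 2>&1
if errorlevel 1 (
    echo [ERROR] Run this script from an elevated prompt.
    exit /b 5
)

:: 2) Locate the engine: Program Files first, then each versioned Platform
::    folder, testing only the executable directly inside that folder.
set "MP_PATH="
if exist "%ProgramFiles%\Windows Defender\MpCmdRun.exe" (
    set "MP_PATH=%ProgramFiles%\Windows Defender\MpCmdRun.exe"
) else (
    for /d %%d in ("%ProgramData%\Microsoft\Windows Defender\Platform\*") do (
        if exist "%%d\MpCmdRun.exe" set "MP_PATH=%%d\MpCmdRun.exe"
    )
)
if not defined MP_PATH (
    echo [ERROR] Could not locate MpCmdRun.exe.
    exit /b 1
)

:: 3) Update signatures first; a failed update is logged but not fatal.
"%MP_PATH%" -SignatureUpdate >nul 2>&1
set "UPD_RC=%errorlevel%"

:: 4) Quick scan, capturing the exit code immediately.
"%MP_PATH%" -Scan -ScanType 1
set "SCAN_RC=%errorlevel%"

:: 5) Append one line per run so the result survives the closed window.
::    The redirection is written first so a trailing digit is not parsed
::    as a file handle.
>>"%LOG%" echo %date% %time% engine="%MP_PATH%" update_rc=%UPD_RC% scan_rc=%SCAN_RC%

:: Propagate the scan result so the scheduler records a non-zero exit.
exit /b %SCAN_RC%
```

Because the script exits with the scan's own code, a scheduled task's "Last Run Result" shows 0 or 2 without anyone opening the log.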
Conclusion
Running a Windows Defender scan via Batch script is a powerful way to add a layer of automated security to your Windows maintenance routine. By utilizing the MpCmdRun.exe utility, you can orchestrate complex security tasks, from targeted folder checks to full system audits, with absolute precision. This professional approach to system protection ensures that your machines remain healthy and secure without requiring manual intervention, making your IT workflows more resilient and efficient in the face of modern digital threats.