Command-line scanning a directory or file with Microsoft Security Essentials

After doing the usual web search with Google and Bing I found only sites claiming doing a scan with Microsoft Security Essentials of a file or directory from the command-line was not possible. Most sites just say it’s possible to initiate a quick or full scan or even update signatures from the command-line. But as Microsoft Security Essentials has real-time protection there is no need to scan manually (as a lot of us are used to) to make sure the file is scanned.

But on Windows 7 (x64 version confirmed) the tools in %ProgramFiles%\Microsoft Security Client contain some files that look promising. My first guess was to look into %ProgramFiles%\Microsoft Security Client\msseces.exe, but that program only pops-up the user-interface and worse case starts a default scan.

As Microsoft Security Essentials is able to scan manually (it has a explorer context menu, located in %ProgramFiles%\Microsoft Security Client\shell.ext.dll)

A far shot was to search for rundll32 to be used to fire the context menu but all I found was references to viruses and trojans doing the same (so not the best way to walk)

Finally I accidently fired up one of the other executables in %ProgramFiles%\Microsoft Security Client with a promising name (MpCmdRun.exe) with a switch –h and voila a long description with the answer tucked inside.

By issuing the command

“%ProgramFiles%\Microsoft Security Client\MpCmdRun.exe” -Scan -ScanType 3 –File “<file or folder to scan>”

one is able to start the command-line version of Microsoft Security Essentials, make it perform a file or folder scan and thus integrate it with popular tools like Winrar like:


Note: although %ProgramFiles% points to c:\program files at both Windows x86 and x64, not all applications will expand it properly to something like c:\program files.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s