Virus Scanning

Every time I download a file using other browsers (other than IE or Edge), I have to right-click on the files to start the Windows Defender Virus search engine which is boring. Is there a possibility that other browsers could automatically trigger Windows Defender to scan the files? I have tried to configure "MpCmdRun.exe" in the file path "C:\Program Files\Windows Defender" under the CMD box, but I still could not MAKE it. Any suggestions will be welcome!
 

Question Info


Last updated August 5, 2019 Views 1,281 Applies to:
Answer
Answer

This manual scanning of files hasn't been necessary with any Windows compliant antivirus or antispyware application since Windows XP, since Microsoft added the original IOfficeAntiVirus, IAttachmentExecute and IShellExecuteHook interfaces to allow the first real-time scanning for malware within Windows.

Microsoft Windows Defender helps provide real-time protection

These interfaces and others that have been designed since that time have been improved to not only allow Windows Defender and other Microsoft or 3rd-party security programs to perform real-time scanning of new files, but also many more complex functions including network monitoring of the Windows Firewall and other critical system functions.  Even though Windows Defender first included these abilities in Windows Vista itself, it wasn't until Windows 8 that antivirus was included, since Microsoft Security Essentials was the security product for Windows XP thru Windows 7 that included antivirus as well.

Windows Defender Explained

What you are perceiving as "starting the Windows Defender Virus search engine", is actually just the display of the Internet Explorer or Edge file download manager, which displays additional status information about the download process for these files.  In any case, whenever you download a file using either another 3rd-party browser or any application such as say an FTP or other Internet accessible client, the file will always be scanned when it s written to disk using one of the interfaces mentioned in the first article above.

The only difference is that these other browsers or client applications may not always display download status information that's as complete, but just as with any file written to disk they will always be scanned automatically as long as the real-time protection setting within Windows Defender is enabled, which is the default in Windows 10.

Rob

8 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Answer
Answer

Every time I download a file using other browsers (other than IE or Edge), I have to right-click on the files to start the Windows Defender Virus search engine which is boring. Is there a possibility that other browsers could automatically trigger Windows Defender to scan the files? I have tried to configure "MpCmdRun.exe" in the file path "C:\Program Files\Windows Defender" under the CMD box, but I still could not MAKE it. Any suggestions will be welcome!

This is a little confusing, but I think that IOAV Protection actually just allows clients to request an on-demand scan from Windows Defender because Defender’s real-time protection (on-access) does not have the ability to unpack and scan the contents of container files when they’re downloaded and written to disk. Real-time protection will only make a detection for an archived malware file when the container file is extracted, or when the malware file is executed; whereas on-demand scans will routinely look inside containers.  

There are a few AV apps out there that actually do have an option to unpack and scan the contents of container files on-access; but Windows Defender isn’t one of them – and as far as I know, that’s the raison d'être for IOAV Protection. IOAV Protection is currently implemented, and activated by default, in Windows Defender; although the TechNet article for the Set-MpPreference cmdlet was just updated, and it still has the logic for all of the disable commands inverted. IOAV Protection is actually enabled when the parameter is set to $False (disable false). That can be confirmed by running the Get-MpPreference command at the PowerShell prompt:

https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference

-DisableIOAVProtection

Indicates whether Windows Defender scans all downloaded files and attachments. If you specify a value of $True or do not specify a value, scanning downloaded files and attachments is enabled.

But some people are still concerned about browsers and download managers that don’t implement the client-side IOAV scan calls – because when an IOAV scan doesn’t get called by a third-party browser or download manager, archived malware could potentially go undetected until you run a Full Scan with Defender – depending on the download location that you choose. And that’s actually one of the primary reasons why you’d want to run Full Scan every now and then – to look for malware that Defender’s real-time protection might have missed because it’s hiding in container files. But we’re obviously getting into a grey area here – because lots of people would rather just perpetuate the myth that Defender’s real-time protection has X-ray vision. It doesn't.

Right-clicking on the downloaded file and choosing “Scan with Windows Defender” will run the same type of on-demand scan that IOAV Protection runs – but you actually should be able to automate the scan in browsers and download managers that provide an input box for the scan's command line, e.g.:

https://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/performing-a-virus-check/0b9758e0-bc4e-4395-a25b-ea1ba98868c8?page=~pagenum~

The command line for scanning a single file was actually added to Defender's Command Line Utility belatedly, in response to a popular demand here the V&M forum for a way to enable precisely this kind of "save and scan" protection for third-party browsers and download managers that don't implement IOAV scan calls. 

The confusion in the Microsoft documentation stems from an equivocation with the meaning of “real-time protection”. The article on IOAV Protection was originally written for the old (antispyware only) version of Windows Defender, which didn’t have the file system filter driver that the new Windows Defender uses to provide bonna fide (on-access) real-time protection – so the article refers to the automated on-demand scanning that’s done by IOAV Protection as “real-time protection”, although it has nothing to do with the on-access file system monitoring that we now refer to as “real-time protection”. And of course the recent review of the article just glossed over this archaic use of the term “real-time protection”. To its credit, the old article does attempt to properly limit the scope of IOAV Protection:

…Windows Defender will scan files that you download by using Microsoft Internet Explorer or by using Microsoft Outlook Express before you open the files.

GreginMich

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.