Question

Q: Total number of files scanned in mpcmdrun.exe log

When a malware scan is initiated through the command line utility, the logs should be useful. But i am not finding the number of files scanned , in  the log which is very important to see whether the scan went well.

MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe"  -Scan -ScanType 3 -File "E:\MY DATA\Excel"
 Start Time: ‎Fri ‎Apr ‎05 ‎2013 02:50:17

Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=3, path E:\MY DATA\Excel, DisableRemediation = 0)
INFO: ScheduleJob is not set. Skipping signature update.
Scanning path as folder: E:\MY DATA\Excel.
MpScan() started
MpScan() was completed
Finish: MpScanStart(MP_FEATURE_SUPPORTED, dwOptions=16385)
Finish: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385, path E:\MY DATA\Excel, DisableRemediation = 0)
Scanning E:\MY DATA\Excel found no threats.
MpScan() has detected 0 threats.
MpCmdRun: End Time: ‎Fri ‎Apr ‎05 ‎2013 02:50:17

A total  number of files scanned will inspire confidence for the user.


* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Did this solve your problem?

Sorry this didn't help.


Also how will i be able to pass a multiple files or multiple folders using a batch file for scanning. also do this on a whole drive / partition.

Disable remediation - file exclusion ignored ( it ignore exclusion list and scan files in it or ignores the files in the list from scanning)

Did this solve your problem?

Sorry this didn't help.


These are older links, too, so the paths defined are for the older version of MSE, I believe, but the switches will work the same.

Command Line Interface:

http://answers.microsoft.com/en-us/protect/forum/protect_start/running-mse-full-scan-as-a-scheduled-task/f627f5ce-0b74-4b1d-be64-d6ceeb4d9b02

 

http://answers.microsoft.com/en-us/protect/forum/protect_scanning/does-mse-have-the-ability-to-scan-from-the-command/809b0b84-9396-49b2-95c4-68e7ec539fc7

I don't know that you can pass multiple files or folders. I believe you can specify a custom scan to scan a specific folder or file, not multiples.

 

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Did this solve your problem?

Sorry this didn't help.


I don’t think the number of items scanned is retained anywhere. But scanning errors will be reported in the Windows Defender\Operational log (in Event Viewer at this location: Applications and Services Logs\Microsoft\Windows\Windows Defender\Operational) as Windows Defender “1002” events, while successful scans are logged as Windows Defender “1001” events. I see that this log hasn’t been updated on my PC since 3/29/2013, so it looks like one more thing to add to the fix-it list.

 

Steve is correct; the “ScanType 3” parameter will only scan an individual file, folder, or drive. There isn’t a command line version of the GUI Custom Scan where we can concatenate multiple targets; so we need to use a separate scan for each specific target (file, folder, or drive). However, we can run several command line scans in parallel (this can be rather taxing on system resources), or we can run multiple command line scans consecutively with a batch file.

 

The scan target can also be expressed as a variable, which allows us to drag and drop individual files, folders, or drives unto a desktop batch file icon in order to scan them. This makes it extremely easy to start several command line scans that run simultaneously:

http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start/windows-defender/a4ab35cb-282e-4e6c-826a-319b6aad0bcf

 

 

GreginMich

Did this solve your problem?

Sorry this didn't help.


@GFreginMich you seems to be the expert here. Thank you for the response. 

Few queries :

1) By any means i can select multiple files/ Multiple folders Or in a mixed combination be dragged onto your batch file for the scan?

2) Will it work for the send to option (multiple files/folders/combination)

3) we can run multiple command line scans consecutively with a batch file ? - how to pass these files to it through context menu or drag and drop or send to.


Did this solve your problem?

Sorry this didn't help.


GreginMich is indeed very well versed in the command line capabilities, among other things.

 

1. "dragged onto your batch file" means what to you? A batch file is a text file with a .BAT extension containing commands that can also be executed in a Command Prompt window. Think of it as a script of steps you wish to carry out. The Defender/MSE command line interface allows you to execute actions  at a Command prompt. You can enter these full commands with arguments into a text file as a list. Each line is a command.

For your scenario of scanning multiple objects via the command line, you would need to create a series of sequential steps -- one for each object as the target to be scanned.

2.  I think you are trying to use Send To in order to initiate a scan via a context menu. No, this would not be the way to do it. There are some "hacks" available to add a scan with Defender option to the Windows Explorer context menu. In my opinion (we all have these!), there is no good reason to do this. Real  time protection is already looking at files when saved, opened, accesses.

3. Yes. See number 1. Until you add this concept of pass through to context or send to. The concept described in #1 for creating a multi-line .BAT file with a sequence of actions would be to have a scripted set of actions to call from the scheduler or to run by clicking a saved icon, for example. Your file would have to include the target of the action(s) and all arguments, so any attempt to use this in the context menu with variable targets would be futile.

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Did this solve your problem?

Sorry this didn't help.


I don’t think you can get around the “single” file, folder, or drive limitation. If you drop a group of files or folders on the icon, it will only scan one of them. If you want to scan more than one file or folder you’ll need to “hard code” your batch file; just open Notepad and make a list of your scans, like this:

 

"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "C:\program files\Intel"

"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "C:\program files\IDT"

Pause  

 

Now name the file, give it a .bat extension, and save it to your desktop. Then double-click the icon to run your list of scans.

 

 

GreginMich

Did this solve your problem?

Sorry this didn't help.


Not positive, GreginMich, but I think that the OP is trying to create a context menu solution for scanning a target or targets.

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Did this solve your problem?

Sorry this didn't help.


both solutions will do but should be a solid one. By the method above the scanning will be initiated in parallel consuming resources  
or will it get queued up or launch only one instance of defender process with affinity towards one core. 
Then we got only 50% usage even when its trying to tax right?

Thank you steve and greg. 

 

Did this solve your problem?

Sorry this didn't help.


A .BAT file with a sequence of commands will execute sequentially.

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community

Did this solve your problem?

Sorry this didn't help.


* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
Question Info

Views: 1,438 Last updated: June 23, 2018 Applies to: