0

Microsoft has multiple versions of the Defender executable (MpCmdRun.exe) installed on my computer. There is an obvious one in "C:\Program Files\Windows Defender\MpCmdRun.exe" but then two others in "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MpCmdRun.exe" and "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpCmdRun.exe". The folders all have different versions of MpCmdRun.exe.

Per Microsoft, the latest version is the 4.18.2011.6-0 version, but how would I know this if I hadn't researched? And if I encode some dependency on this location (see below), how would I know when it's been superceded?

My goal is to create a custom scheduled task for Defender that runs full scans rather than quick scans. I tried whacking on the existing Windows Defender task definitions (in Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Windows Defender), but the tasks periodically modify themselves (after updates, etc.) and my changes are lost. I can readily create my own custom task, but I have to know the location of MpCmdRun.exe which, as I pointed out above, seems to move around.

Does anyone know of a reliable way to determine what the location of the latest Defender executable is, preferably easy enough to use in a command line?

Also, anyone have any clues about why Microsoft did it this way? Why not just keep the latest version in "C:\Program Files\Windows Defender"? And why leave old version laying around?

BoCoKeith
  • 817
  • 10
  • 21

1 Answers1

1

Slow down.

I found the instructions in 30 seconds.

https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus

o.o
  • 100
  • 4
  • 2
    Thanks for the answer (and I've marked it as such). The link is referring to Microsoft Defender for Endpoint, but it seems to apply for me as well. A little less snide would be appreciated. – BoCoKeith Dec 31 '20 at 20:08