Windows 11 command prompt virus scan guide

General
1

Running antivirus scans through Command Prompt in Windows 11 provides advanced control and flexibility, especially when the regular interface isn’t accessible. This guide covers various scanning methods using Windows Defender’s command-line tools.

Opening command prompt with admin rights

Before running any scans, you’ll need administrative access to Command Prompt:

  1. Open the Start menu and search for “Terminal”. Right-click the Terminal result and select “Run as administrator”

image
image700×421 110 KB

  1. When prompted by User Account Control, click “Yes” to proceed

image
image700×421 125 KB

  1. Click the dropdown arrow and choose “Command Prompt” to open a new Command Prompt tab

image
image728×438 54.7 KB

Full system scan

The most thorough scanning option examines every file, folder, and system area:

  1. Navigate to the Windows Defender directory:
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

image
image750×436 29.3 KB

  1. Execute the full scan command:
MpCmdRun -Scan -ScanType 2

image
image925×545 42.3 KB

Boot sector scan

Scanning the boot sector helps detect malware that targets system startup:

  1. Access the Defender directory:
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

image
image750×436 29.3 KB

  1. Run the boot sector scan:
MpCmdRun -Scan -ScanType -BootSectorScan

image
image1025×584 46.1 KB

Custom location scan

Target specific folders or drives for faster scanning:

  1. Enter the Defender directory:
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

image
image750×436 29.3 KB

  1. Start the custom scan (replace with your target path):
MpCmdRun -Scan -ScanType 3 -File <directory>

image
image1196×562 56.1 KB

Quick scan

For rapid checking of common malware locations:

  1. Access the Defender folder:
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

image
image750×436 29.3 KB

  1. Launch the quick scan:
MpCmdRun -Scan -ScanType 1

image
image920×509 42.4 KB

Updating virus definitions

Keep protection current by updating virus definitions:

  1. Navigate to Defender’s directory:
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

image
image750×436 29.3 KB

  1. Update definitions:
MpCmdRun -SignatureUpdate

image
image893×549 43.5 KB

Managing quarantined items

Access and restore quarantined files when needed:

  1. Open Defender’s directory:
cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*

image
image750×436 29.3 KB

  1. View quarantined items:
MpCmdRun -Restore -ListAll

image
image894×497 32.4 KB

  1. Restore all items:
MpCmdRun -Restore -All

image
image864×476 29.4 KB

  1. Restore specific file:
MpCmdRun -Restore -Name <filename.extension>

image
image1170×493 63.3 KB

  1. Restore file to specific location:
MpCmdRun -Restore -Name <filename.extension> -FilePath <file directory>

image
image1184×528 69.6 KB