Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1.1.1600.0 69.51%
1.1.1600.0 4.88%
1.1.1593.0 19.51%
1.1.1505.0 6.10%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
TraceEvent, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, CreateProcessAsUserW, CreateRestrictedToken, LogonUserW, GetUserNameW, OpenProcessToken, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, RegCloseKey, ReadEventLogW, RegQueryValueExW, RegOpenKeyExW, CloseEventLog, GetNumberOfEventLogRecords, GetOldestEventLogRecord, OpenEventLogW, RegOpenKeyW, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptGenRandom, CryptAcquireContextW, RegCreateKeyExW, RegSetValueExW
kernel32.dll
GetCommandLineW, Sleep, SetEvent, WaitForSingleObject, CreateEventW, VerifyVersionInfoW, VerSetConditionMask, GetCurrentProcess, TerminateProcess, GetSystemTime, CopyFileW, GetTickCount, FindClose, FindNextFileW, FindFirstFileW, CreateDirectoryW, FileTimeToSystemTime, FileTimeToLocalFileTime, FormatMessageA, WideCharToMultiByte, LoadLibraryExW, GetLocalTime, GetDateFormatW, GetTimeFormatW, CreateFileW, SetFilePointer, CloseHandle, WriteFile, SetLastError, ExpandEnvironmentStringsW, GlobalFree, SetFilePointerEx, SetEndOfFile, SystemTimeToFileTime, CreateThread, ResetEvent, InitializeCriticalSectionAndSpinCount, InitializeCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, FormatMessageW, GetFileSizeEx, GetFileTime, GetSystemDefaultLCID, GetSystemInfo, GetVersionExW, GetSystemDirectoryW, WaitForMultipleObjects, CreateTimerQueueTimer, DeleteTimerQueueTimer, DeleteFileW, SetFileAttributesW, HeapFree, HeapAlloc, GetFileInformationByHandle, FileTimeToDosDateTime, GetFileAttributesW, MultiByteToWideChar, UnhandledExceptionFilter, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedCompareExchange, SetErrorMode, InterlockedDecrement, InterlockedIncrement, InterlockedExchange, LoadLibraryW, GetProcAddress, FreeLibrary, LocalAlloc, LocalFree, GetLastError, OutputDebugStringA, GetExitCodeProcess
mpclient.dll
MpRollbackEngine, MpConfigGetValueAlloc, MpAllocMemory, MpConfigIteratorClose, MpConfigIteratorEnum, MpConfigIteratorOpen, MpTraceStop, MpTraceStart, MpOpen, MpSignaturesUpdateClose, MpScanCreateReport, MpGetEngineVersion, MpFreeMemory, MpClientUtilExportFunctions, MpConfigInitialize, MpConfigUninitialize, MpScanResult, MpClose, MpScanClose, MpCleanClose, MpDownloadAndUpdateSignaturesEx, MpConfigGetValue, MpConfigClose, MpConfigOpen, MpCleanThreats, MpCleanOpen, MpScanOpen, MpScan, MpConfigDelValue
msvcp80.dll
DllMain
msvcr80.dll
DllMain
msvcrt.dll
DllMain
netapi32.dll
NetGetJoinInformation, NetApiBufferFree
ole32.dll
StringFromGUID2, CoInitializeEx, CoCreateInstance, OleRun, CoInitialize, CoUninitialize, CoCreateGuid
rpcrt4.dll
NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, NdrStubForwardingFunction, NdrStubCall2, NdrCStdStubBuffer2_Release
shell32.dll
SHGetFolderPathW
urlmon.dll
IsValidURL
user32.dll
GetSystemMetrics
userenv.dll
CreateEnvironmentBlock, UnloadUserProfile, LoadUserProfileW, DestroyEnvironmentBlock
version.dll
GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
winhttp.dll
WinHttpSetTimeouts, WinHttpConnect, WinHttpReceiveResponse, WinHttpQueryHeaders, WinHttpGetProxyForUrl, WinHttpWriteData, WinHttpCrackUrl, WinHttpAddRequestHeaders, WinHttpSendRequest, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetOption, WinHttpSetStatusCallback, WinHttpOpenRequest, WinHttpCloseHandle, WinHttpOpen, WinHttpQueryOption

MpCmdRun.exe

Windows Defender by Microsoft Corporation (Signed)

Remove MpCmdRun.exe
Version:   1.1.1505.0
MD5:   a48ab55c83859cc08432e957e61faa0f
SHA1:   f4b80bfef843ad35a26ebbac614a362b4bb79125
SHA256:   bc3499a13ed43835900bfa6d65d047ff537b39c7bf630df707fcbeab3da00443

What is MpCmdRun.exe?

You can use this tool to automate and troubleshoot Microsoft Antimalware Service. So for instance if you wish to do a quick scan from the command line, you can use -Scan 1 parameter. Microsoft Security Essentials is efficient and compact. Scans and updates are scheduled to run when the PC is idle and the software works in a way that your PC is still snappy when you’re using it.

About MpCmdRun.exe (from Microsoft Corporation)

There are a host of nasty intruders on the Internet including viruses, trojans, worms and spyware. Microsoft Security Essentials offers award-winning protection against these intruders without getting

DetailsDetails

File name:mpcmdrun.exe
Publisher:Microsoft Corporation
Product name:Windows Defender
Description:Windows Defender Command Line Utility
Typical file path:C:\Program Files\windows defender\mpcmdrun.exe
File version:1.1.1505.0
Size:311.18 KB (318,648 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Tuesday, April 4, 2006
Expiration date:Thursday, October 4, 2007
Digital DNA
PE subsystem:Windows Console
Entropy:6.229419
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The job 'MP Scheduled Signature Update' runs daily in the path '\Microsoft\Windows Defender\MP Scheduled Signature Update'
  • The job 'MP Scheduled Scan' runs daily in the path 'C:\windows\Tasks\MP Scheduled Scan.job'
  • Entry path 'C:\WINDOWS.0\Tasks\MP Scheduled Scan.job'
  • Entry path '\Microsoft\Windows Defender\MP Scheduled Signature Update'
  • Entry path '\Microsoft\Windows Defender\MP Scheduled Scan'
  • Entry path 'C:\WINDOWS\Tasks\MP Scheduled Scan.job'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.06559534%
0.028634%
Kernel CPU:0.03098532%
0.013761%
User CPU:0.03461002%
0.014873%
Kernel CPU time:266 ms/min
100,923,805ms/min
CPU cycles:1,004,543/sec
17,470,203/sec
Memory
Private memory:1.08 MB
21.59 MB
Private (maximum):3.51 MB
Private (minimum):2.82 MB
Non-paged memory:1.08 MB
21.59 MB
Virtual memory:37.81 MB
140.96 MB
Virtual memory (peak):38.11 MB
169.69 MB
Working set:2.84 MB
18.61 MB
Working set (peak):3.51 MB
37.95 MB
Page faults:916/min
2,039/min
I/O
I/O read transfer:7 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:59 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:48 Bytes/sec
448.09 KB/min
I/O other operations:10/sec
1,671/min
Resource allocations
Threads:3
12
Handles:75
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:"C:\Program Files\windows defender\mpcmdrun.exe" scan -restrictprivileges -reinvoke
Owner:NETWORK SERVICE

ResourcesThreads

Averages
 
MpCmdRun.exe (main module)
Total CPU:0.04215059%
0.272967%
Kernel CPU:0.01405020%
0.107585%
User CPU:0.02810039%
0.165382%
CPU cycles:601,112/sec
5,741,424/sec
Memory:320 KB
1.16 MB
RPCRT4.dll
Total CPU:0.02110107%
Kernel CPU:0.01582581%
User CPU:0.00527527%
CPU cycles:235,413/sec
Memory:780 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows Vista Home Premium 52.56%
Windows Vista Home Basic 15.38%
Microsoft Windows XP 11.54%
Windows Vista Business 6.41%
Windows Vista Ultimate 5.13%
Windows XP Home Edition 5.13%
Microsoft Windows XP Home Edition 1.28%
Windows XP Professional 1.28%
Windows 7 Home Premium 1.28%

Distribution by countryDistribution by country

United States installs about 71.64% of Windows Defender.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 27.59%
Toshiba 20.69%
ASUS 13.79%
Gateway 13.79%
Hewlett-Packard 10.34%
Acer 8.62%
Intel 3.45%
American Megatrends 1.72%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE