Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

4.5.0218.0 15.50%
4.5.0218.0 0.61%
4.5.0216.0 3.87%
4.4.0304.0 2.42%
4.4.0304.0 0.36%
4.3.0219.0 3.15%
4.3.0219.0 2.06%
4.3.0216.0 1.09%
4.3.0216.0 0.73%
4.3.0215.0 1.45%
4.3.0215.0 0.61%
4.3.0215.0 2.54%
4.3.0215.0 6.42%
4.2.0223.0 10.65%
4.2.0223.0 1.09%
4.2.0223.0 11.74%
4.2.0223.0 8.47%
4.2.0216.0 0.12%
4.2.0216.0 0.12%
4.1.0522.0 11.26%
4.1.0522.0 10.53%
4.0.1526.0 0.24%
4.0.1526.0 0.73%
3.0.8402.0 0.97%
3.0.8402.0 1.21%
View more

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
TraceEvent, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, CreateProcessAsUserW, CreateRestrictedToken, LogonUserW, GetUserNameW, OpenProcessToken, RegCloseKey, ReadEventLogW, RegQueryValueExW, RegOpenKeyExW, CloseEventLog, GetNumberOfEventLogRecords, GetOldestEventLogRecord, OpenEventLogW, CloseServiceHandle, QueryServiceStatusEx, OpenServiceW, OpenSCManagerW, CheckTokenMembership, GetLengthSid, FreeSid, AllocateAndInitializeSid, RegEnumKeyExW, RegEnumValueW, CopySid, LookupPrivilegeValueW, AdjustTokenPrivileges, ConvertStringSidToSidW, RegCreateKeyExW, RegSetValueExW, QueryServiceConfigW, QueryServiceStatus, ControlService, StartServiceW, ChangeServiceConfigW
kernel32.dll
LocalAlloc, LocalFree, GetProcAddress, LoadLibraryW, FreeLibrary, DeleteFileW, SetFileAttributesW, GetFileInformationByHandle, FileTimeToDosDateTime, GetSystemPowerStatus, MultiByteToWideChar, WideCharToMultiByte, CreateProcessW, GetModuleHandleW, GetFileAttributesW, CreateTimerQueueTimer, SetFilePointerEx, WriteFile, GetSystemDirectoryW, WaitForSingleObject, CreateEventW, UnhandledExceptionFilter, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, RtlUnwind, OutputDebugStringA, InterlockedCompareExchange, HeapFree, HeapAlloc, CompareFileTime, Sleep, ExpandEnvironmentStringsW, LoadLibraryExW, FileTimeToLocalFileTime, FileTimeToSystemTime, InterlockedExchange, FindFirstFileW, FindNextFileW, FindClose, CopyFileW, CreateDirectoryW, CreateFileW, DeleteTimerQueueTimer, TerminateProcess, GetSystemTime, GetCurrentProcess, GetExitCodeProcess, SetEvent, FormatMessageW, SetErrorMode, CloseHandle, GetLastError, SetLastError, GetTimeFormatW, GetDateFormatW, GetLocalTime, GetTickCount, GetCommandLineW, InterlockedIncrement, InterlockedDecrement, GetTempPathW, GetFileSizeEx, DeviceIoControl, ConvertDefaultLocale, GetLocaleInfoW, IsValidLanguageGroup, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, HeapSetInformation, RemoveDirectoryW, GetNativeSystemInfo, SetEnvironmentVariableW, GetSystemDefaultUILanguage, LeaveCriticalSection, EnterCriticalSection, MoveFileExW, DebugBreak
mpclient.dll
MpManagerVersionQuery, MpAddDynamicSignatureFile, MpRemoveDynamicSignatureFile, MpUpdateStart, MpConfigGetValueAlloc, MpConfigIteratorClose, MpConfigIteratorEnum, MpConfigIteratorOpen, MpConfigDelValue, MpManagerEnable, MpQuarantineRequest, MpThreatEnumerate, MpThreatOpen, MpUtilsExportFunctions, MpScanStart, MpCleanOpen, MpCleanStart, MpConfigOpen, MpConfigClose, MpScanResult, MpConfigGetValue, MpHandleClose, MpConfigUninitialize, MpConfigInitialize, MpFreeMemory, MpClientUtilExportFunctions, MpConfigSetValue, MpManagerOpen, MpTelemetrySetDWORD, MpUpdateStartEx, MpDynamicSignatureOpen, MpDynamicSignatureEnumerate, MpTelemetryInitialize, MpManagerStatusQuery, MpSampleSubmit, MpSampleQuery, WDEnable, MpAllocMemory, MpManagerStatusQueryEx, MpTelemetryUninitialize, MpTelemetryUpload
msvcrt.dll
DllMain
ole32.dll
CoInitializeEx, StringFromGUID2, CoUninitialize, CoCreateInstance, CoSetProxyBlanket, CoWaitForMultipleHandles, CoTaskMemAlloc
rpcrt4.dll
UuidFromStringW
secur32.dll
GetUserNameExW
setupapi.dll
SetupCloseInfFile, SetupCloseFileQueue, SetupPromptReboot, SetupInitDefaultQueueCallbackEx, SetupCommitFileQueueW, SetupInstallFilesFromInfSectionW, SetupOpenFileQueue, SetupInstallServicesFromInfSectionW, SetupInstallFromInfSectionW, SetupOpenAppendInfFileW, SetupOpenInfFileW, SetupDefaultQueueCallbackW, SetupTermDefaultQueueCallback
userenv.dll
LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile, DestroyEnvironmentBlock
wintrust.dll
CryptCATAdminReleaseContext, CryptCATAdminAcquireContext, CryptCATAdminAddCatalog, CryptCATAdminReleaseCatalogContext

MpCmdRun.exe

Microsoft Malware Protection by Microsoft Corporation (Signed)

Remove MpCmdRun.exe
Version:   4.1.0522.0
MD5:   5b8580b819be32eec18ce1fec52a4bce
SHA1:   3e288a6d624640577b7b87262d020f29062a4fd0
SHA256:   e775c3f83728282c6cfe41a4431f4e85344d74f998523c06ca19dccc27fdf965

What is MpCmdRun.exe?

You can use this tool to automate and troubleshoot Microsoft Antimalware Service. So for instance if you wish to do a quick scan from the command line, you can use -Scan 1 parameter. Microsoft Security Essentials is efficient and compact. Scans and updates are scheduled to run when the PC is idle and the software works in a way that your PC is still snappy when you’re using it.

About MpCmdRun.exe (from Microsoft Corporation)

Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a fr

DetailsDetails

File name:MpCmdRun.exe
Publisher:Microsoft Corporation
Product name:Microsoft Malware Protection
Description:Microsoft Malware Protection Command Line Utility
Typical file path:C:\Program Files\microsoft security essentials\mpcmdrun.exe
File version:4.1.0522.0
Size:329.4 KB (337,304 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Wednesday, October 22, 2008
Expiration date:Friday, January 22, 2010
Digital DNA
PE subsystem:Windows Console
Entropy:6.172840
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Microsoft Security Essentials
 Microsoft Corporation
8% remove
Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. It runs on Windows XP, Windows Vista and Windows 7, but not on Windows 8, which has a built-in AV component. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly mo...
Microsoft Security Client
 Microsoft Corporation
4% remove
Microsoft Security Client for Microsoft Security Essentials is an antivirus software product that provides protection against different types of malware such as computer viruses, spyware, rootkits and Trojan horses. Built upon the same virus definitions and scanning engine as other Microsoft antivirus products, MSE provides real-time protection, constantly monitoring activities on the computer and scanning new files as they are download...
System Center 2012 Endpoint Protection
 Microsoft Corporation
5% remove
Security and management have traditionally existed as two separate disciplines, yet both play a central role in keeping your users safe and productive. Microsoft System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection) allows you to consolidate desktop security and management in a single solution. Built on System Center 2012 Configuration Manager, System Center 2012 Endpoint Protection provides a sin...
Microsoft Forefront Endpoint Protection
 Microsoft Corporation
1% remove
Microsoft Forefront is a family of line-of-business security software that are designed to help protect computer networks, network servers (such as Microsoft Exchange Server and Microsoft SharePoint Server) and individual devices.
Microsoft Security Essentials Prerelease
 Microsoft Corporation
1% remove
The Microsoft Security Essentials Prerelease program allows users to run the latest & greatest versions of Security Essentials before they are publicy available.

BehaviorsBehaviors

Scheduled tasks
  • The task 'MP Scheduled Scan' runs daily in the path '\Microsoft\Windows Defender\MP Scheduled Scan'
  • The job 'Windows Defender Verification' runs in the path '\Microsoft\Windows\Windows Defender\Windows Defender Verification'
  • The task 'Windows Defender Scheduled Scan' runs in the path '\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan'
  • The job 'Windows Defender Cleanup' runs in the path '\Microsoft\Windows\Windows Defender\Windows Defender Cleanup'
  • The task 'Windows Defender Cache Maintenance' runs in the path '\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance'
  • The job 'MpIdleTask' in the path '\Microsoft\Microsoft Antimalware\MpIdleTask'
  • The task 'Microsoft Antimalware Scheduled Scan' runs weekly in the path '\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan'
  • Entry path '\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan'
  • Entry path '\Microsoft\Microsoft Antimalware\MP Scheduled Scan'
  • Entry path '\Microsoft\Microsoft Antimalware\MpIdleTask'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.16543309%
0.028634%
Kernel CPU:0.10755423%
0.013761%
User CPU:0.05787885%
0.014873%
Kernel CPU time:31 ms/min
100,923,805ms/min
CPU cycles:118,418/sec
17,470,203/sec
Context switches:4/sec
284/sec
Memory
Private memory:2.47 MB
21.59 MB
Private (maximum):6.83 MB
Private (minimum):5.36 MB
Non-paged memory:2.47 MB
21.59 MB
Virtual memory:29.42 MB
140.96 MB
Virtual memory (peak):31.13 MB
169.69 MB
Working set:1.28 MB
18.61 MB
Working set (peak):5.08 MB
37.95 MB
Page faults:1,534/min
2,039/min
I/O
I/O read transfer:155 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:6 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:4 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:6
12
Handles:99
600

BehaviorsProcess properties

Platform:64-bit
Command lines:
  • "C:\Program Files\microsoft security client\mpcmdrun.exe" scan -schedulejob -restrictprivileges -reinvoke
  • "C:\Program Files\microsoft security client\mpcmdrun.exe" signaturesupdateservice -schedulejob -unmanagedupdate
  • "C:\Program Files\microsoft security client\mpcmdrun.exe" signatureupdate -schedulejob -restrictprivileges -reinvoke
  • "C:\Program Files\microsoft security client\mpcmdrun.exe" -uploadsqm -restrictprivileges -reinvoke
  • "C:\Program Files\microsoft security client\mpcmdrun.exe" spynetservice -restrictprivileges -accesskey fd8f7b29-3475-9ea5-5d97-ec881c28beb3 -reinvoke
Owner:NETWORK SERVICE
Parent process:MsMpEng.exe (Microsoft Malware Protection by Microsoft Corporation)

ResourcesThreads

Averages
 
mpclient.dll
Total CPU:0.00013488%
0.272967%
Kernel CPU:0.00013488%
0.107585%
User CPU:0.00000000%
0.165382%
CPU cycles:79,500/sec
5,741,424/sec
Memory:848 KB
1.16 MB
MpCmdRun.exe (main module)
Total CPU:0.00009067%
Kernel CPU:0.00004533%
User CPU:0.00004533%
CPU cycles:1,401/sec
Memory:324 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 32.50%
Windows 7 Home Premium 17.50%
Windows 8.1 Pro 11.00%
Windows 8.1 Single Language 10.00%
Windows 7 Ultimate 8.00%
Windows 8.1 Pro with Media Center 6.50%
Windows 7 Professional 5.50%
Windows 8 Pro 4.50%
Windows 8.1 Enterprise Evaluation 2.00%
Windows Vista Home Premium 1.50%
Microsoft Windows XP 1.00%

Distribution by countryDistribution by country

United States installs about 50.00% of Microsoft Malware Protection.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 25.83%
ASUS 18.33%
Hewlett-Packard 17.08%
Acer 15.00%
Lenovo 14.17%
Toshiba 5.00%
Alienware 1.67%
GIGABYTE 1.25%
Sony 0.83%
Compaq 0.83%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE