Kyle said:
I'll try again. Evidently my first reply didn't take.
Thanks for the reply, Dave. I'm really an extreme novice with the
command prompt stuff. I tried it and got a bunch of command options,
but the Restoredefaults didn't seem to have any meaning. I may not
have been doing it correctly.
I don't want to restore defaults, as I've modified Defender extensively and
I would lose the mods, so I'll gather logs instead using "-GetFiles".
Here's how to navigate to the Windows Defender folder (your location should
be similar).
Then to list the command options available for MpCmdRun.
Then to gather log files with the "-GetFiles" command.
Don't neglect to include the hyphen (-) in front of each command.
Start > Run > type "CMD" without quotes > click OK
****************************************************************************************
C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
****************************************************************************************
C:\Program Files\Windows Defender>MpCmdRun -?
Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
Use this tool to automate and troubleshoot Windows Defender
Usage:
mpcmdrun.exe [command] [-options]
Command Description
-? / -h Displays all available options for this
to
-Trace [-Grouping] [-Level] Starts diagnostic tracing
-RemoveDefinitions [-All] Restores the installed signature
definitio
to a previous backup copy or to the
origin
default set of signatures
-RestoreDefaults Resets the Windows Defender registry
settings to known good defaults
-SignatureUpdate Checks for new definition updates
-Scan [-ScanType] Scans for malicious software
-GetSWE Exports information about software
install
on your computer
-GetFiles Collects support information
Additional Information:
Support information will be in the following directory:
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
Defend
-Scan [-ScanType]
0 Default, according to your configuration
1 Quick scan
2 Full system scan
-Trace [-Grouping] [-Level]
Begins tracing Windows Defender's actions. You can specify
the components for which tracing is enabled and how much information
is recorded.
If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational levels
will be logged.
[-Grouping]
0x1 Service
0x2 Malware Protection Engine
0x4 User Interface
0x8 Real-Time Protection
0x10 Scheduled actions
[-Level]
0x1 Errors
0x2 Warnings
0x4 Informational messages
0x8 Function calls
0x10 Assertions
-GetFiles
Gathers the following log files and packages them together in a
compressed file in the support directory
- Any trace files from Windows Defender
- The Windows Update history log
- All WinDefend or WinDefendRtp events from the
System and Application event log
- All relevant Windows Defender registry locations
- All software information from Software Explorer
-RemoveDefinitions
Restores the last set of signature definitions
-RemoveDefinitions -All
Rolls the signature definitions back to the default signature set
and removes any installed signature and engine files.Use this
option if you have difficulties trying to update signatures.
-RestoreDefaults
Resets all configuration options to their default values; this is the
equivalent of running Windows Defender setup unattended.
-GetSWE
Exports the contents of Software Explorer into a file named MPSWE.txt
in the support directory
****************************************************************************************
C:\Program Files\Windows Defender>MpCmdRun -GetFiles
Collecting events from System Event Log...done!
Collecting events from Application Event Log...done!
Collecting Software Explorer information...done!
Collecting configuration information...done!
Getting Windows Update log...done!
Getting MpCmdRun log...done!
done!
done!
Getting MpSigStub log...done!
Creating CAB file...done!
Files successfully created in C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support