Hi Bill,
For you the whole story, that's why I found it.
Regards >*< TOM >*<

Bill Sanderson MVP wrote:
Yes--found it just after writing that. Should have known it was in all
users--that makes sense, once you think about it a bit.

Windows Defender Command Line (c) 2006 Microsoft

Used to enable advanced logging and troubleshooting tools for Windows Defender

Usage:
mpcmdrun.exe [command] [-options]

Command                             Description
  -? [h]                            Displays all the available command-line
                                    options for this tool
  -Scan [-ScanType]                 Run Scan
  -SignatureUpdate                  Checks for new definition updates
  -StartTrace [-Grouping] [-Level]  Starts WPP tracing
  -StopTrace                        Stops WPP tracing
  -GetFiles                         Collects all relevant logs for support
  -RemoveDefinitions [-All]         Removes definition updated sets the user
                                    back to either the previous one (backup)
                                    or the (default)
  -Restoredefaults                  Resets the Windows Defender registry
                                    settings to known good defaults
  -GetSWE                           Exports contents of Software Explorer
                                    into a text file

Additional Information:

  -Scan [-ScanType]
        0  Default, according to the configuration
        1  Quick scan
        2  Full system scan

  -StartTrace [-Grouping] [-Level]
        Begins WPP tracing.
        Optionally user can specify a set grouping of components
        to enable tracing for. A user can also specify the level
        of tracing for that grouping. If no grouping specified
        then trace will be for all components. If no level
        specified tracing will log all info except 'Function'
        (Error, Warning, Informational, Assert)

        [-Grouping]
        0x1   Service
        0x2   Engine
        0x4   UI
        0x8   RTP
        0x10  Scheduler

        [-Level]
        0x1   Error
        0x2   Warning
        0x4   Informational
        0x8   Function
        0x10  Assert

  -StopTrace
        Stops WPP tracing and saves tracing file. The command
        takes no filename parameter, the trace log file is
        always saved with the same name and in same location.
        Any existing trace log file is overwritten. Name for
        the trace log will be 'WDTrace.log' and will be saved in
        ProgramData\Microsoft\Windows Defender\Support
        directory

  -GetFiles
        Gathers the following log files and packages them all
        together. These files will all be placed in a compressed
        format uniquely named in the \Support directory.
        - Any trace files from Windows Defender. This file
          will always be named WDTrace.log.
        - %windir%\Windowsupdate.log
        - All events from the NT system and application event
          log with source WinDefend or WinDefendRtp. These are
          saved as two separate files: WDSystemEvents.txt and
          WDApplicationEvents.txt in \Support directory
        - Exports the contents of Windows Defender relevent
          registry locations to a text file. Place the
          contents of the registry export into a file named
          WDRegistry.txt and place it in \Support directory
        - Exports the contents of Software Explorer into a
          text file. The file will always be named WDSWE.txt
          and be in the \Support directory

  -RemoveDefinitions [-All]
        When invoked with out the 'all' option rollback to the
        previous signature set - the backup. When invoked with
        the 'all' option then rollback to the default set,
        remove any signature and engine files on the box and the
        service will load the default signatures (1.0.0.0) that
        the product shipped with. This allows the user to go
        back to a known working signature set and try to update
        signatures from there.

  -RestoreDefaults
        Will reset all registry keys to their default values.
        All settings will be restored to equivalent of running
        setup unattended without specifying any options.

  -GetSWE
        Exports the contents of Software Explorer into a text
        file. The command takes no filename parameter, the
        export log file is always saved with the same name and
        in the same location. Any existing log file is
        overwritten. Name for the log will be 'WDSWE.txt' and
        will be saved in following directory.
        ProgramData\Microsoft\Windows Defender\Support
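
Because -StopTrace and -GetSWE always write to the same file names and overwrite whatever is there, the following added example (not part of the original post or of Microsoft's tool) archives the existing WDTrace.log and WDSWE.txt with a timestamp and SHA-256 hash before running each command. Assumptions: PowerShell 4.0 or later in an elevated session, MpCmdRun.exe located under %ProgramFiles%\Windows Defender, the help text's ProgramData path resolving through %ProgramData%, and a hypothetical archive folder and function name.

```powershell
# Added example: preserve the fixed-name Defender support logs before they are overwritten.
# Assumed locations (not stated as full paths in the help text above):
$support  = Join-Path $env:ProgramData  'Microsoft\Windows Defender\Support'
$mpcmdrun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$archive  = Join-Path $env:USERPROFILE  'WDSupportArchive'   # hypothetical archive folder

function Save-DefenderLog {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Name,        # WDTrace.log or WDSWE.txt
        [Parameter(Mandatory)] [string] $ArchiveDir
    )
    $source = Join-Path $support $Name
    if (-not (Test-Path -LiteralPath $source)) { return $null }   # nothing to preserve yet

    if (-not (Test-Path -LiteralPath $ArchiveDir)) {
        New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
    }

    # Name the copy after the file's own last-write time (UTC) so several
    # trace sessions can be ordered on a timeline afterwards.
    $item  = Get-Item -LiteralPath $source
    $stamp = $item.LastWriteTimeUtc.ToString('yyyyMMdd-HHmmss')
    $dest  = Join-Path $ArchiveDir ('{0}_{1}{2}' -f $item.BaseName, $stamp, $item.Extension)
    Copy-Item -LiteralPath $source -Destination $dest

    # Hash the archived copy so it can be verified later.
    [pscustomobject]@{
        Archived = $dest
        SHA256   = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
    }
}

# -StopTrace always saves to WDTrace.log and overwrites any existing trace log.
Save-DefenderLog -Name 'WDTrace.log' -ArchiveDir $archive
& $mpcmdrun -StopTrace

# -GetSWE always saves to WDSWE.txt and overwrites any existing export.
Save-DefenderLog -Name 'WDSWE.txt' -ArchiveDir $archive
& $mpcmdrun -GetSWE
```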