- Microsoft System Center 2012 Endpoint Protection Cookbook
- Andrew Plue
- 372 words
- 2021-08-05 18:49:54
Utilizing MpCmdRun.exe
One of the most vital tools for a SCEP admin is MpCmdRun.exe. With this command-line utility, you can perform a definition rollback, force a signature update, restore a file from quarantine, or kick off a scan. Almost any operational scripting task you wish to perform will center on MpCmdRun.exe.
Getting Ready…
By default, MpCmdRun is stored in the C:\Program Files\Microsoft Security Client\Antimalware directory. Although MpCmdRun can be used to accomplish many tasks with SCEP, this recipe will only describe how to launch a full scan from the command line.
How to do it…
- Open the Command Prompt window.
- Navigate to the C:\Program Files\Microsoft Security Client\Antimalware directory.
- Enter the following command:
    MpCmdRun -Scan -ScanType 2
- Once the full scan is completed, close the Command Prompt window.
How it works…
To view all options available for the utility, enter MpCmdRun -? in the Command Prompt window. A partial output is included for reference in the following example. The full contents of the MpCmdRun help file can be found in the appendix.

    Usage: MpCmdRun.exe [command] [-options]

    Command Description
       -? / -h    Displays all available options for this tool
       -Scan [-ScanType #] [-File <path> [-DisableRemediation]]    Scans for malicious

    -Scan [-ScanType value]
            0  Default, according to your configuration
            1  Quick scan
            2  Full system scan
            3  File and directory custom scan
       [-File <path>]
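The full-scan step and the scan-type table above, wrapped for scripted use. This is an added example, not code from the book: the function name Invoke-ScepScan and its parameters are hypothetical, and the exit-code reading (0 means nothing found or everything remediated) is an assumption taken from the tool's full -Scan help text, which the partial output here does not show.

```powershell
# Added example: wrapper around MpCmdRun.exe -Scan for operational scripts.
# Invoke-ScepScan and its parameter names are hypothetical, not part of SCEP.
function Invoke-ScepScan {
    param(
        # Scan types from the help output: 0 default, 1 quick, 2 full, 3 custom
        [ValidateRange(0, 3)]
        [int]$ScanType = 2,

        # Target path for a type 3 (file and directory custom) scan
        [string]$File,

        # Directory named in this recipe; adjust if the client lives elsewhere
        [string]$InstallDir = 'C:\Program Files\Microsoft Security Client\Antimalware'
    )

    $exe = Join-Path $InstallDir 'MpCmdRun.exe'
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        throw "MpCmdRun.exe not found in '$InstallDir'"
    }
    if ($ScanType -eq 3 -and -not $File) {
        throw 'A custom scan (ScanType 3) requires -File <path>'
    }

    $scanArgs = @('-Scan', '-ScanType', $ScanType)
    if ($File) { $scanArgs += @('-File', $File) }

    # The call blocks until the scan finishes; output is captured for logging
    $output = & $exe @scanArgs 2>&1
    $code   = $LASTEXITCODE

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        ScanType = $ScanType
        ExitCode = $code
        # Assumption (tool's full -Scan help text): 0 = clean or remediated
        Clean    = ($code -eq 0)
        Output   = ($output | Out-String).Trim()
    }
}

# Run the same full scan as the recipe and flag any non-zero result
$result = Invoke-ScepScan -ScanType 2
if (-not $result.Clean) {
    Write-Warning "Scan on $($result.Computer) returned exit code $($result.ExitCode)"
}
$result | Format-List
```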
There's more...
Below are some alternate examples of ways in which MpCmdRun could be utilized.
One example of how MpCmdRun could be useful is a scenario where your WSUS infrastructure has gone offline and you want to temporarily force your clients to pull a definition from an alternate source without modifying the SCEP policy.
In this case, you would need to either manually enter the following command or create a script that contains the command:
MpCmdRun -signatureupdate -servername\sharename
The -restore option can be utilized to restore files that have been erroneously quarantined, without having to directly access the client UI. This could be done remotely using a tool such as PsExec.