
Utilizing MpCmdRun.exe

One of the most vital tools for a SCEP admin is MpCmdRun.exe. With this command-line utility, you can perform a definition rollback, force a signature update, restore a file from quarantine, or kick off a scan. Almost any operational scripting task you wish to perform will center on MpCmdRun.exe.

Getting Ready…

By default, MpCmdRun is stored in the C:\Program Files\Microsoft Security Client\Antimalware directory. Although MpCmdRun can be used to accomplish many tasks with SCEP, this recipe will only describe how to launch a full scan from the command line.

How to do it…

  1. Open the Command Prompt window.
  2. Navigate to the C:\Program Files\Microsoft Security Client\Antimalware directory.
  3. Enter the following command (the scan type is passed with the -ScanType switch, and 2 selects a full system scan, as the help output in the next section shows):
    MpCmdRun -Scan -ScanType 2
    
  4. Once the full scan is completed, close the Command Prompt window.
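The same full scan wrapped for scripting, as an added example that is not part of the book's recipe: it resolves MpCmdRun.exe from the install path given above, runs the scan synchronously, and returns the exit code and captured output as an object so the result can be logged or fed to a reporting script. The treatment of exit code 0 as "ran clean" is an assumption; any other value should be checked against MpCmdRun.log before acting on it.

```powershell
# Added example, not from the book. Assumes the SCEP client install path used in
# the recipe; adjust $MpCmdRun if the client is installed elsewhere.
$MpCmdRun = Join-Path ${env:ProgramFiles} 'Microsoft Security Client\Antimalware\MpCmdRun.exe'

function Invoke-SCEPFullScan {
    [CmdletBinding()]
    param(
        # 0 = per policy, 1 = quick, 2 = full system (see the -ScanType table).
        # 3 (custom) is excluded because it also needs -File.
        [ValidateSet(0, 1, 2)]
        [int]$ScanType = 2
    )

    if (-not (Test-Path -LiteralPath $MpCmdRun)) {
        throw "MpCmdRun.exe not found at $MpCmdRun; check the SCEP client install path."
    }

    $started = Get-Date
    # MpCmdRun blocks until the scan finishes; the call operator (&) lets us
    # read $LASTEXITCODE afterwards. stderr is merged so nothing is lost.
    $output   = & $MpCmdRun -Scan -ScanType $ScanType 2>&1
    $exitCode = $LASTEXITCODE

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        ScanType     = $ScanType
        Started      = $started
        Duration     = (Get-Date) - $started
        ExitCode     = $exitCode
        # Assumption: 0 means the scan ran and reported nothing; treat any other
        # value as "investigate" and read MpCmdRun.log rather than guessing.
        Clean        = ($exitCode -eq 0)
        Output       = ($output -join "`n")
    }
}

# Usage: run the full scan and emit a one-line summary suitable for a log file
$result = Invoke-SCEPFullScan -ScanType 2
"{0}: full scan finished with exit code {1} after {2}" -f $result.ComputerName, $result.ExitCode, $result.Duration.ToString()
```

Because the scan is synchronous, a scheduled task or remote session that launches this function will hold its session open for the whole scan; for fleet-wide runs, dispatch it as a background job rather than looping through clients serially.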

How it works…

To view all options available for the utility, enter MpCmdRun -? in the Command Prompt window. A partial output is included for reference in the following example. The full contents of the MpCmdRun help file can be found in the appendix.

Usage:
MpCmdRun.exe [command] [-options]

Command Description
 -? / -h Displays all available options for this tool
 -Scan [-ScanType #] [-File <path> [-DisableRemediation]] Scans for malicious 

 -Scan [-ScanType value]
 0 Default, according to your configuration
 1 Quick scan
 2 Full system scan
 3 File and directory custom scan

 [-File <path>]

There's more...

Below are some alternate examples of ways in which MpCmdRun could be utilized.

Using MpCmdRun to pull definition updates from an alternate source

One example of how MpCmdRun could be useful is a scenario where your WSUS infrastructure has gone offline and you want to temporarily force your clients to pull a definition from an alternate source without modifying the SCEP policy.

In this case, you would need to either manually enter the following command or create a script that contains the command. The alternate source is passed with the -UNC switch of -SignatureUpdate, as a UNC path to the share holding the definition files:

MpCmdRun -SignatureUpdate -UNC \\servername\sharename
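The WSUS-outage scenario above as an added example script, not code from the book: it first asks MpCmdRun to update from whatever source the SCEP policy already configures, and only if that fails does it fall back to the UNC share, checking that the share is reachable first so a dead share does not mask the original failure. The share path is a placeholder, and the policy itself is left untouched, which is the point of the scenario.

```powershell
# Added example, not from the book. Assumes the SCEP client install path used in
# the recipe; the share name is a placeholder.
$MpCmdRun = Join-Path ${env:ProgramFiles} 'Microsoft Security Client\Antimalware\MpCmdRun.exe'

function Update-SCEPDefinitions {
    [CmdletBinding()]
    param(
        # UNC path to a share holding the definition update files (placeholder)
        [Parameter(Mandatory)]
        [string]$FallbackShare
    )

    # First attempt: the source configured by SCEP policy (normally WSUS).
    & $MpCmdRun -SignatureUpdate | Out-Null
    if ($LASTEXITCODE -eq 0) {
        return [pscustomobject]@{ Source = 'Policy'; ExitCode = 0; PolicyExitCode = 0 }
    }
    $policyExit = $LASTEXITCODE

    # Fallback: only try the share if it is actually reachable from this client,
    # so the recorded error still points at the real problem.
    if (-not (Test-Path -LiteralPath $FallbackShare)) {
        return [pscustomobject]@{
            Source         = 'None'
            ExitCode       = $policyExit
            PolicyExitCode = $policyExit
            Error          = "Policy source failed ($policyExit) and $FallbackShare is unreachable"
        }
    }

    # -UNC points MpCmdRun at the share for this one update without changing policy.
    & $MpCmdRun -SignatureUpdate -UNC $FallbackShare | Out-Null
    [pscustomobject]@{ Source = 'UNC'; ExitCode = $LASTEXITCODE; PolicyExitCode = $policyExit }
}

# Usage: placeholder share name; check .ExitCode before assuming definitions moved
Update-SCEPDefinitions -FallbackShare '\\fileserver01\definitions'
```

Whatever account runs this needs read access to the share; when the script is pushed out to run as SYSTEM, that means the computer account, not the admin who wrote the script.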

Using MpCmdRun to de-quarantine a false positive

The -Restore option can be utilized to restore files that have been erroneously quarantined, without having to directly access the client UI. This could be done remotely using a tool such as PsExec.
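The false-positive workflow as an added example, not code from the book: list what is in quarantine with -Restore -ListAll, then restore one item by its threat name, optionally into a holding folder with -Path so the file can be inspected before it goes back to its original location. The book mentions PsExec for remote use; the usage lines here show PowerShell remoting as an alternative, which assumes WinRM is enabled on the client. The computer name and threat name are placeholders.

```powershell
# Added example, not from the book. The install path is the one used in the
# recipe; it is resolved inside each function so the functions can be shipped
# to a remote session unchanged.

function Get-SCEPQuarantine {
    $MpCmdRun = Join-Path ${env:ProgramFiles} 'Microsoft Security Client\Antimalware\MpCmdRun.exe'
    # -Restore -ListAll prints the quarantined items; returned as raw text lines
    & $MpCmdRun -Restore -ListAll
}

function Restore-SCEPQuarantinedItem {
    [CmdletBinding()]
    param(
        # Threat name exactly as printed by -Restore -ListAll
        [Parameter(Mandatory)]
        [string]$Name,
        # Optional holding folder; restoring here first lets you review the file
        # before putting it back on its original path
        [string]$Path
    )
    $MpCmdRun = Join-Path ${env:ProgramFiles} 'Microsoft Security Client\Antimalware\MpCmdRun.exe'

    # Build the argument list explicitly; $args is an automatic variable, so use another name.
    $arguments = @('-Restore', '-Name', $Name)
    if ($Path) { $arguments += @('-Path', $Path) }

    & $MpCmdRun @arguments
    if ($LASTEXITCODE -ne 0) {
        throw "Restore of '$Name' failed with exit code $LASTEXITCODE"
    }
    [pscustomobject]@{ Name = $Name; RestoredTo = $(if ($Path) { $Path } else { 'original location' }) }
}

# Local usage
Get-SCEPQuarantine
Restore-SCEPQuarantinedItem -Name 'ExampleThreatName' -Path 'C:\Quarantine-Review'

# Remote usage over WinRM (placeholder computer name): the function body is sent
# as the script block, so nothing needs to be pre-installed on the client.
Invoke-Command -ComputerName 'ws01' -ScriptBlock ${function:Get-SCEPQuarantine}
Invoke-Command -ComputerName 'ws01' -ScriptBlock ${function:Restore-SCEPQuarantinedItem} -ArgumentList 'ExampleThreatName', 'C:\Quarantine-Review'
```

Restoring the file does not change the detection that quarantined it: unless an exclusion is in place for that file or the definition has been corrected, real-time protection can quarantine it again on next access, so add the exclusion (or confirm the fixed definition is installed) before restoring to the original path.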

MpCmdRun logging

MpCmdRun automatically creates a logfile called MpCmdRun.log in the directory C:\Users\username\AppData\Local\Temp, that is, the temp directory of the account that ran the command. This logfile records any commands that are executed using MpCmdRun.exe. When the utility is run under a different account, for example as SYSTEM from a scheduled task or PsExec -s, look in that account's temp directory (C:\Windows\Temp for SYSTEM) rather than your own profile.
