Microsoft recently updated its Defender antivirus, adding the ability to silently download any file from the Internet. Some users are concerned that this new feature could be exploited by malware and potentially unwanted applications. Microsoft has officially replied that the company does not consider this change to the application a vulnerability.
The console MpCmdRun.exe utility is part of Microsoft Defender. It is used mostly for scheduled scanning tasks by IT administrators. The MpCmdRun.exe tool has a number of command line switches which can be viewed by running MpCmdRun.exe with "/?".
The most recent version of the MpCmdRun.exe tool supports the following syntax:
MpCmdRun.exe -DownloadFile -url [url to a remote file] -path [local path to save the file]
The remote file will be silently downloaded to the location you specified.
Many security researchers think that this new feature is risky and adds an extra attack vector to Windows 10. Microsoft's spokesperson has revealed to Forbes the company's position regarding the situation:
Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature.
Despite this statement, some users point out that it is not possible to disable this feature in Microsoft Defender, leaving the system vulnerable to apps that may secretly abuse the download option.
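Since the switch cannot be turned off, visibility into its use is the practical control. The following is an added example (not from the original article or from Microsoft) that flags MpCmdRun.exe -DownloadFile invocations in process-creation records and extracts the URL and destination path. The event tuples are constructed sample data, and the (image path, command line) record shape and the function names are assumptions standing in for whatever your process-creation logging exports.

```python
import ntpath
import re

# Constructed sample process-creation records: (image path, command line).
SAMPLE_EVENTS = [
    (r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'),
    (r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe",
     r'MpCmdRun.exe -DownloadFile -url https://example.test/a.bin -path "C:\Users\Public\a.bin"'),
    (r"C:\Windows\System32\cmd.exe",
     r"cmd.exe /c echo -DownloadFile -url x -path y"),
]

# A token is either a double-quoted run or a run of non-whitespace.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(command_line):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted if quoted else bare for quoted, bare in TOKEN.findall(command_line)]


def find_download(image, command_line):
    """Return {'url': ..., 'path': ...} for an MpCmdRun.exe -DownloadFile call, else None."""
    # Match on the file name only: several copies of the binary live in
    # different directories (Platform\<version>, Program Files, WinSxS).
    if ntpath.basename(image).lower() != "mpcmdrun.exe":
        return None
    args = tokenize(command_line)[1:]          # drop the program name
    lowered = [a.lower() for a in args]        # compare switches case-insensitively
    if "-downloadfile" not in lowered:
        return None
    hit = {"url": None, "path": None}
    for i, switch in enumerate(lowered[:-1]):
        if switch in ("-url", "-path"):
            hit[switch[1:]] = args[i + 1]      # keep the value's original case
    return hit


def scan(events):
    """Return (image, details) for every record that used -DownloadFile."""
    return [(img, hit) for img, cl in events if (hit := find_download(img, cl))]


if __name__ == "__main__":
    for image, details in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: url={details['url']} path={details['path']}")
```

Defender's own scheduled scans and signature updates run the same binary without -DownloadFile, so alerting on the switch rather than on the process keeps the noise down.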
That looks like a great big lit up billboard that says “HACK ME, HACK ME”
Then again, it might be a honey trap of sorts tracking everything about an outside hacker trying to use it as an exploit
Will it be possible to uninstall Defender in future builds? Or said MpCmdRun.exe?
No, it is not possible to uninstall it. If you delete that file, it may break Defender’s scheduled tasks.
While you're at it, can you ask M$ why there are 6 different copies of this file in 6 different locations?
I went through and created firewall rules to block them all just to see what happens.
*C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\X86\MpCmdRun.exe
*C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe
*C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\X86\MpCmdRun.exe
*C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe
*C:\Program Files\Windows Defender\MpCmdRun.exe
*C:\WINDOWS\WinSxS\amd64_windows-defender-service_31bf3856ad364e35_10.0.18362.1_none_980392c9d40502d2\MpCmdRun.exe