
Microsoft says that Defender file download feature is not a risk

Microsoft recently updated its Defender antivirus, adding the ability to silently download any file from the Internet. Some users are concerned that this new feature could be exploited by malware and potentially unwanted applications. Microsoft has officially replied that the company does not consider this change to the application a vulnerability.

The console MpCmdRun.exe utility is part of Microsoft Defender. It is used mostly for scheduled scanning tasks by IT administrators. The MpCmdRun.exe tool has a number of command line switches which can be viewed by running MpCmdRun.exe with "/?".

The most recent version of the MpCmdRun.exe tool supports the following syntax:

MpCmdRun.exe -DownloadFile -url [url to a remote file] -path [local path to save the file]


The remote file will be silently downloaded to the location you specified.


Many security researchers think that this new feature is risky and adds an extra attack vector to Windows 10. Microsoft's spokesperson has revealed to Forbes the company's position regarding the situation:

Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature.

Despite this statement, some users point out that it is not possible to disable this feature in Microsoft Defender, leaving the system vulnerable to apps that may secretly abuse the download option.
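Since the switch cannot be turned off, process-creation logs are where its use can be observed. The following is an added example, not code from the original article or from Microsoft: a Python check that flags command lines running MpCmdRun.exe with -DownloadFile and extracts the URL and save path. The sample command lines are constructed, and treating switches as case-insensitive with either a "-" or "/" prefix is a conservative assumption.

```python
import re
import shlex
from typing import List, Optional

# Match on file name only: the binary exists under several versioned directories.
IMAGE_RE = re.compile(r"(^|[\\/])mpcmdrun(\.exe)?$", re.IGNORECASE)

def detect_download(cmdline: str) -> Optional[dict]:
    """Return image/url/path if cmdline is MpCmdRun.exe -DownloadFile, else None."""
    try:
        # posix=False keeps the backslashes of Windows paths intact
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quote: fall back to a plain split
        tokens = cmdline.replace('"', "").split()
    # Assumption: switches are case-insensitive and may start with '-' or '/'
    switches = [t.lstrip("-/").lower() if t.startswith(("-", "/")) else None
                for t in tokens]
    first = next((i for i, s in enumerate(switches) if s is not None), len(tokens))
    image = " ".join(tokens[:first])  # rejoins an unquoted path containing spaces
    if not IMAGE_RE.search(image) or "downloadfile" not in switches:
        return None

    def value(name: str) -> Optional[str]:
        # The value of a switch is the next token, unless that is another switch
        if name in switches:
            i = switches.index(name) + 1
            if i < len(tokens) and switches[i] is None:
                return tokens[i]
        return None

    return {"image": image, "url": value("url"), "path": value("path")}

def scan(cmdlines: List[str]) -> List[dict]:
    """Run the check over a list of process command lines; keep only the hits."""
    return [hit for hit in map(detect_download, cmdlines) if hit]

# Constructed process-creation command lines (not real telemetry)
SAMPLE_EVENTS = [
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -DownloadFile '
    r'-url https://example.test/file.bin -path C:\Temp\file.bin',
    r'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe '
    r'-downloadfile -URL https://example.test/tool.zip -Path "C:\Users\Public\my tool.zip"',
    r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2',
    r'C:\Windows\System32\notepad.exe C:\Temp\notes.txt',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

A renamed copy of the binary would not match the file-name check; where the log source records the original file name from the PE header (Sysmon Event ID 1 has an OriginalFileName field), match on that instead.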


Author: Sergey Tkachenko


4 thoughts on “Microsoft says that Defender file download feature is not a risk”

  1. That looks like a great big lit up billboard that says “HACK ME, HACK ME”
    Then again, it might be a honey trap of sorts tracking everything about an outside hacker trying to use it as an exploit

  2. While you're at it can you ask M$ why there are 6 different copies of this file in 6 different locations?

    I went through and created firewall rules to block them all just to see what happens.

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\X86\MpCmdRun.exe

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\X86\MpCmdRun.exe

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe

    *C:\Program Files\Windows Defender\MpCmdRun.exe

    *C:\WINDOWS\WinSxS\amd64_windows-defender-service_31bf3856ad364e35_10.0.18362.1_none_980392c9d40502d2\MpCmdRun.exe
