Microsoft says that Defender file download feature is not a risk


Microsoft recently updated its Defender antivirus, adding the ability to silently download any file from the Internet. Some users are concerned that this new feature could be exploited by malware and potentially unwanted applications. Microsoft has officially replied that the company does not consider this change to the application a vulnerability.

The console MpCmdRun.exe utility is part of Microsoft Defender. It is used mostly for scheduled scanning tasks by IT administrators. The MpCmdRun.exe tool has a number of command line switches which can be viewed by running MpCmdRun.exe with "/?".

The most recent version of the MpCmdRun.exe tool supports the following syntax:

MpCmdRun.exe -DownloadFile -url [url to a remote file] -path [local path to save the file]

The remote file will be silently downloaded to the location you specified.

Many security researchers think that this new feature is risky and adds an extra attack vector to Windows 10. A Microsoft spokesperson has told Forbes the company's position on the situation:

Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature.

Despite this statement, some users point out that it is not possible to disable this feature in Microsoft Defender, which leaves the system exposed to apps that may secretly abuse the download option.
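Since the feature cannot be turned off, one practical response is to watch for its use. The following is an added example, not code from Microsoft or from the original article: it scans process-creation records (for example Sysmon Event ID 1 or Security event 4688 with command-line logging, already reduced to image path and command line) for MpCmdRun.exe launches that use -DownloadFile. The sample events, URLs and function names are constructed for illustration, and matching the switches case-insensitively is a conservative assumption.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Constructed (image path, command line) pairs; URLs and output paths are made up.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1'),
    (r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe",
     r"MpCmdRun.exe -DownloadFile -url https://example.invalid/a.bin -path C:\Users\Public\a.bin"),
    (r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\X86\MpCmdRun.exe",
     r'mpcmdrun -downloadfile -URL "https://files.example.invalid/b.bin" -PATH "C:\Temp\b c.bin"'),
    (r"C:\Windows\System32\cmd.exe", r"cmd.exe /c echo -DownloadFile"),
]

# A double-quoted run (may contain spaces) or a run of non-space characters.
TOKEN = re.compile(r'"[^"]*"|\S+')


def switch_value(tokens, switch):
    """Return the token that follows `switch` (case-insensitive), or None."""
    lowered = [t.lower() for t in tokens]
    i = lowered.index(switch) if switch in lowered else -1
    return tokens[i + 1] if 0 <= i < len(tokens) - 1 else None


def find_defender_downloads(events):
    """Return a finding for each MpCmdRun.exe launch that uses -DownloadFile."""
    findings = []
    for image, cmdline in events:
        # Compare the file name only: the binary lives in several directories.
        if ntpath.basename(image).lower() != "mpcmdrun.exe":
            continue
        tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
        if "-downloadfile" not in (t.lower() for t in tokens):
            continue
        url = switch_value(tokens, "-url")
        findings.append({
            "image": image,
            "url": url,
            "host": urlsplit(url).hostname if url else None,
            "path": switch_value(tokens, "-path"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_defender_downloads(SAMPLE_EVENTS):
        print(finding)
```

The extracted host and output path can then be compared against whatever download sources and write locations are expected in your environment.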


Author: Sergey Tkachenko


4 thoughts on “Microsoft says that Defender file download feature is not a risk”

  1. That looks like a great big lit up billboard that says “HACK ME, HACK ME”
    Then again, it might be a honey trap of sorts tracking everything about an outside hacker trying to use it as an exploit

    1. No, it is not possible to uninstall it. If you delete that file, it may break Defender’s scheduled tasks.

  2. While you're at it, can you ask M$ why there are 6 different copies of this file in 6 different locations?

    I went through and created firewall rules to block them all just to see what happens.

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\X86\MpCmdRun.exe

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\X86\MpCmdRun.exe

    *C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpCmdRun.exe

    *C:\Program Files\Windows Defender\MpCmdRun.exe

    *C:\WINDOWS\WinSxS\amd64_windows-defender-service_31bf3856ad364e35_10.0.18362.1_none_980392c9d40502d2\MpCmdRun.exe
