MSE v2 Command-Line Scanning

Microsoft Security Essentials (MSE) 2.0 adds command-line file scanning to its command-line interface.

MpCmdRun.exe is the command-line interface to MSE.

(Note that MSE has moved from “C:\Program Files\Microsoft Security Essentials” to “C:\Program Files\Microsoft Security Client”, and MpCmdRun.exe has moved to a subdirectory called Antimalware.)

In MSE v1, MpCmdRun was conspicuously missing an option to scan a file from the command line, but the problem is rectified in the MSE v2 beta.

File scanning is a new sub-option of the -Scan argument.

-Scan [-ScanType value]
    0  Default, according to your configuration
    1  Quick scan
    2  Full system scan
    3  Single file custom scan

       [-File ]
            Indicates the file path to be scanned, only valid for custom scan

       [-DisableRemediation]
            This option is valid only for custom scan.
            When specified:
              - File exclusions are ignored.
              - Archive files are scanned.
              - Actions are not applied after detection.
              - Event log entries are not written after detection.
              - Detections from the custom scan are not displayed in the user
                interface.

The usage is slightly awkward. It requires specifying -Scan -ScanType 3 -File <filename>.

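A simple PowerShell function or a batch file can wrap the command.

PowerShell

function Scan-File( $file )
{
    # MSE v2 installs MpCmdRun.exe under "Microsoft Security Client\Antimalware"
    $exe = Join-Path $env:ProgramFiles "Microsoft Security Client/Antimalware/MpCmdRun.exe"
    # -ScanType 3 is the single-file custom scan
    & $exe -Scan -ScanType 3 -File $file
}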

Batch

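@echo off
setlocal
rem Put the MSE v2 Antimalware directory on the path for this script only
set path=%programfiles%\Microsoft Security Client\Antimalware;%path%
rem Quote the argument so a path containing spaces is passed as one file
cmd /c MpCmdRun.exe -Scan -ScanType 3 -File "%~1"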

Niftier PowerShell integration is possible by extending the work of the Scripting Guy’s Invoke-SecurityEssentials.ps1 script for MSE v1.0.
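
As an added example (not from the original post and not the Scripting Guy's script), here is a pipeline-aware wrapper around the same -Scan -ScanType 3 -File call. With -DisableRemediation the help text above says no event log entry or UI notification is produced, so the function captures the console output and exit code as the only record of the scan. The function name Invoke-MseFileScan, the output property names, and the reading of exit code 0 as "no threat found" are assumptions.

```powershell
function Invoke-MseFileScan {
    [CmdletBinding()]
    param(
        # File(s) to scan; accepts strings or Get-ChildItem output from the pipeline.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true)]
        [Alias('FullName')]
        [string[]] $Path,

        # Report only: passes -DisableRemediation so no action is taken on detection.
        [switch] $DisableRemediation
    )
    begin {
        # MSE v2 location as described in the post.
        $exe = Join-Path $env:ProgramFiles 'Microsoft Security Client\Antimalware\MpCmdRun.exe'
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            throw "MpCmdRun.exe not found at $exe"
        }
    }
    process {
        foreach ($item in $Path) {
            # Resolve to a full path so the scan does not depend on the current directory.
            $resolved = Resolve-Path -LiteralPath $item -ErrorAction SilentlyContinue
            if (-not $resolved) {
                Write-Error "File not found: $item"
                continue
            }
            $mpArgs = @('-Scan', '-ScanType', '3', '-File', $resolved.ProviderPath)
            if ($DisableRemediation) { $mpArgs += '-DisableRemediation' }

            # Capture stdout and stderr; PowerShell quotes arguments containing spaces.
            $output = & $exe @mpArgs 2>&1
            [pscustomobject]@{
                Path     = $resolved.ProviderPath
                ExitCode = $LASTEXITCODE
                # Assumption: 0 = no threat found, non-zero = detection or scan error.
                Clean    = ($LASTEXITCODE -eq 0)
                Output   = ($output | Out-String).Trim()
            }
        }
    }
}

# Usage: list every file in a folder that did not come back clean, without remediation.
# Get-ChildItem C:\Incoming | Where-Object { -not $_.PSIsContainer } |
#     Invoke-MseFileScan -DisableRemediation | Where-Object { -not $_.Clean }
```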


Security Essentials v2.0 on Windows Server

Microsoft released a beta of Microsoft Security Essentials (MSE) version 2.0 on July 20. The major new advertised feature is that it integrates with the Windows Filtering Platform (WFP) on Windows Vista and later to provide real-time network traffic inspection.

What they didn’t mention is that MSE 2.0 will install and run on Windows Server platforms. I suspect their target market here is Windows Home Server but it doesn’t seem to be picky.

I hope this feature stays in the final product. It makes sense to be able to protect servers as well as the client OS. MSE is a great option for SMEs and home users—any organization that is too small to make use of the centralized monitoring and management capabilities of a product like Forefront. It also might make sense for some bastion hosts.

MSE 2.0 beta x64 installed happily on my Mac Mini running Windows Server 2008 R2 Standard x64.
