"MpCmdRun.exe" Process on Windows 7

Q

What is the "MpCmdRun.exe" process on windows 7? Is the "MpCmdRun.exe" process a virus? Can I terminate the "MpCmdRun.exe" process?

✍: FYIcenter.com

A

"MpCmdRun.exe" process represents "Microsoft Malware Protection Command Line Utility" program.

"MpCmdRun.exe" process is normally running under the parent process "Boot" as shown in the process tree below: 

Boot
   MpCmdRun

On the Processes tab of "Task Manager", "MpCmdRun.exe" process may be listed as: 

Image Name                 Memory   Description
--------------------   ----------   -----------
MpCmdRun.exe              4,828 K   Microsoft Malware Protection Command Line Utility

Additional information about "MpCmdRun.exe" process: 

Command line:
   "c:\Program Files\Microsoft Security Client\\MpCmdRun.exe" Scan -ScheduleJob -RestrictPrivileges -Reinvoke

Programe file information:
   Name: MpCmdRun.exe
   Location: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
   Description: Microsoft Malware Protection Command Line Utility
   Version: 4.10.0209.0
   Size: 410784 bytes
   Last modified: 11/14/2016 9:14:42 PM
   Company Name: Microsoft Corporation
   
Some data files used:
C:\Windows\System32
C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\MpCmdRun.log
C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\MpCmdRun-80-0F05C8FF-0B18-43E3-BDFB-9A0C84B0E5DA.lock

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKCU\Control Panel\International
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
HKLM\SOFTWARE\Policies\Microsoft
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\ADVAPI32.dll
C:\windows\system32\msvcrt.dll
C:\windows\SYSTEM32\sechost.dll
C:\windows\system32\RPCRT4.dll
C:\windows\system32\OLEAUT32.dll
C:\windows\system32\ole32.dll
C:\windows\system32\GDI32.dll

"MpCmdRun.exe" process is not a virus. But you can terminate "MpCmdRun.exe" process. You can run it whenever you need it.

 

Application Program Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2017-09-15, 5803👍, 0💬

Administration Adware Spyware Apache Bluetooth DOS Commands General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2012 Windows Vista Windows XP