How to use the MpCmdRun.exe tool to enable definition updates diagnostics for Windows Defender

If you experience issues when you use definition updates for Windows Defender, you may want to collect log files to help troubleshoot the issues. This article describes how to use the MpCmdRun.exe tool to enable definition updates diagnostics.

To enable definition updates diagnostics, follow these steps:

Windows XP

1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands. Press ENTER after each command:
   cd C:\Program Files\Windows Defender
   MpCmdRun -SignatureUpdate -Trace -Grouping 15 -GetFiles
3. At the command prompt, type exit, and then press ENTER to close the command prompt.
4. When the tracing is complete, examine the Mptrace.log file . The file is located in the following folder:
   C:\Documents and settings\All users\Application data\Microsoft\Windows Defender\Support\Mptrace.log

Windows Vista

1. Click Start, type command prompt in the Start Search box, right-click Command Prompt in the Programs list, and then click Run as administrator.
   
   If you are prompted for an administrator password or for confirmation, type the password, or click Continue.
2. At the command prompt, type the following commands. Press ENTER after each command:
   cd C:\Program Files\Windows Defender
   MpCmdRun -SignatureUpdate -Trace -Grouping 15 -GetFiles
3. At the command prompt, type exit, and then press ENTER to close the command prompt.
4. When the tracing is complete, examine the Mptrace.log file. The file is located in the following folder:
   C:\ProgramData\Microsoft\Windows Defender\Support\Mptrace.log

For more information, click the following article number to view the article in the Microsoft Knowledge Base: