Is MpCmdRun.exe supposed to run if Windows Defender is disabled?


Mods, please move this thread to the correct part of the forum if this isn’t the right part. Sorry, I don’t know where to put this exactly. :-\

Alright, so the problem I’m having is that MpCmdRun.exe, which is a part of MSE and now also Windows Defender (pretty much MSE) in Windows 8, is constantly running and changing registry keys and constantly writing files (logs). One would think that such behavior would be gone once the Windows Defender service has been disabled?

The reason this is a problem is because:

  1. I don’t know exactly what its purpose is when Windows Defender is disabled.
  2. It’s actually doing st which means CPU usage. (Sure I have an overclocked i5 3570k but I still don’t want such programs to do useless st)
  3. I have an SSD which is probably on its last legs at this moment and I’d like to reduce the amount of useless writings since an SSD has a finite amount of writings, and MpCmdRun.exe seems to write things all the time.
    (R.I.P my old Corsair F80, you survived many things like encryption… and re-encryption, but the latest one was one too much. :()

I’m not asking how to stop it, I can probably figure that one out myself, what I am wondering is whether it’s safe to stop MpCmdRun.exe or not?

I have tried Google but I can’t reach any information about its usage after MSE or Windows Defender has been disabled. Is Comodo Internet Security using this process?

Sanya IV

Edit: Changed the title since I noticed that it made no sense at all. ^-^‘’

I have filed a bug report, if I remember well during beta period, signalling that though V 6 disables Windows Defender, MpCmdRun.exe keeps running.

Is this common on machines without CIS and disabled Windows Defender? Or is it only with CIS that it happens?

It would be nice to know exactly what this process does as the service is supposed to be disabled yet the process is actively doing stuff. ???

It’s the Windows Defender Command Line Utility. With regard to CIS disabling the service on Windows 8, that’s only partly true, it actually leaves it as Manual (Trigger Start) and you’ll find several references for this under Task Scheduler.

So if I disable the Windows Defender Service by changing it from Manual to the one that is disabled and then restarting, will the MpCmdRun.exe finally stop writing things? Or are there more things I have to do? (I can’t remember what the option was called, I did change that but I haven’t restarted yet)

Btw this is what the log file says:

MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
 Start Time: ‎Fri ‎Mar ‎15 ‎2013 09:44:18

ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: ‎Fri ‎Mar ‎15 ‎2013 09:44:18

MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
 Start Time: ‎Fri ‎Mar ‎15 ‎2013 09:47:50

ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: ‎Fri ‎Mar ‎15 ‎2013 09:47:50

MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
 Start Time: ‎Fri ‎Mar ‎15 ‎2013 09:48:18

ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: ‎Fri ‎Mar ‎15 ‎2013 09:48:18

Edit: the log file has now increased to 208 lines… now 217… it keeps building.

Edit 2: I restarted and the MpCmdRun.exe is still making those logs. =/

Edit 3: I also set the service to not do anything (instead of restarting service) if it failed, but the log is still being filled. <_<

I know I can block it in CIS, but I’m trying to find an “official” way to turn the god ■■■■ thing off.

Is it somehow possible to remove Windows Defender altogether? That would be swell.

Changing the starting of a service does not disable or enable it.

To properly test whether the logging stops either restart the computer or manually stop the service from Services.

But the Windows Defender Service is stopped when MpCmdRun.exe is working =S I can’t find any other entries regarding just MpCmdRun.exe.

It looks like WD is caught in some kind of loop. The first command is trying to disable it - strangely, ‘wddisable’ doesn’t seem to be a registered switch for mpcmdrun - but this is failing with “WDEnable() failed (800106BA)”.
Unfortunately, I can’t reproduce on the Windows 8 system I have here. Try setting the service to ‘Automatic’ and then reboot. See what happens next.

Can you see if there are tasks scheduled in Scheduled Tasks (Control Panel → Administrative Tools → Task Scheduler → Microsoft → Windows → Windows Defender)?

After restarting, the logs are still filled with the same information by MpCmdRun.exe and the Windows Defender Service has changed from Automatic to Manual, don’t know why.

It’s blank :-\

Is it possible to delete Windows Defender completely? I’d assume that it’s not recommended.

Edit: I changed the name of the “Windows Defender” folder to “Windows Defender old” and that seems like it did the trick, no logs being made so far for 5 minutes (it used to write one time every minute).

I didn’t remove the folder in case I would need the files again.
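
Added example, not part of the thread and not written by any of its participants: a small Python parser for log text in the format quoted above, which groups entries by command-line switch and error code and reports any pair that keeps failing, the "loop" pattern discussed in the replies. The function names, the `min_repeats` threshold and the sample text (constructed to match the quoted excerpt, including the invisible U+200E marks before each date field) are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

LRM = "\u200e"  # left-to-right mark that precedes each date field in the quoted log
CMD = re.compile(r"^MpCmdRun: Command Line: (.+)$")
START = re.compile(r"^\s*Start Time: (.+)$")
ERROR = re.compile(r"^ERROR: (.+?) \(([0-9A-Fa-f]{8})\)$")

def parse_entries(text):
    """Split an MpCmdRun log into one dict per 'Command Line' entry."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.replace(LRM, "").rstrip()  # strip the invisible marks before matching
        if m := CMD.match(line):
            cur = {"cmd": m.group(1), "start": None, "errors": []}
            entries.append(cur)
        elif cur is None:
            continue  # text before the first entry
        elif m := START.match(line):
            cur["start"] = datetime.strptime(m.group(1).strip(), "%a %b %d %Y %H:%M:%S")
        elif m := ERROR.match(line):
            cur["errors"].append((m.group(1), m.group(2).upper()))
    return entries

def find_loops(entries, min_repeats=3):
    """Report switch/error-code pairs that fail at least min_repeats times."""
    groups = defaultdict(list)
    for e in entries:
        if e["errors"] and e["start"]:
            switches = e["cmd"].rsplit('"', 1)[-1].strip()  # text after the quoted path
            groups[(switches, e["errors"][0][1])].append(e["start"])
    report = []
    for (switches, code), times in groups.items():
        if len(times) >= min_repeats:
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            report.append({"switches": switches, "code": code,
                           "count": len(times), "gaps_s": gaps})
    return report

def _entry(t):  # constructed sample entry, same shape as the thread's excerpt
    return ('MpCmdRun: Command Line: "C:\\Program Files\\Windows Defender\\mpcmdrun.exe" -wddisable\n'
            f" Start Time: {LRM}Fri {LRM}Mar {LRM}15 {LRM}2013 {t}\n\n"
            "ERROR: WDEnable() failed (800106BA)\n"
            f"MpCmdRun: End Time: {LRM}Fri {LRM}Mar {LRM}15 {LRM}2013 {t}\n\n")

SAMPLE_LOG = "".join(_entry(t) for t in ("09:44:18", "09:47:50", "09:48:18"))

if __name__ == "__main__":
    for loop in find_loops(parse_entries(SAMPLE_LOG)):
        print(loop)
```

The date parsing assumes English day and month names, as in the quoted excerpt; a real log file has to be decoded to text before it is passed to `parse_entries`.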