Microsoft Defender Offline (Windows Defender Offline) to check for viruses

Microsoft Defender Offline (Windows Defender Offline) is an antivirus tool for checking your computer for malware in the Windows 10 operating system. This is another tool from Microsoft designed to protect your system from viruses.

Microsoft has changed the name of this product several times, so this antivirus tool is also known by other names: Windows Defender offline, Microsoft Defender offline.

Windows 10 Defender Offline Check: What is it

Part of the malicious software penetrates deeply into the system and is removed from the computer with great difficulty. In these situations, it is not easy for antiviruses to block the negative impact of malware.

Viruses, such as rootkits, try to infiltrate a PC outside the Windows shell, for example, into the boot record (MBR) in order to bypass the protection performed by the antivirus program installed on the computer. In such situations, the standalone Microsoft Defender module will help the user to detect and neutralize virus programs.

Windows Defender Offline scan is performed from a trusted “clean” environment, outside the kernel of the operating system, before starting or during the restart of the PC. Because of this, Windows Defender Offline has the ability to detect malware that tries to bypass the standard Windows shell protection.

Microsoft Defender Standalone Scan is performed in the following cases:

  • The built-in Windows Security antivirus (in previous versions, Windows Defender Security Center) detects rootkits or hard-to-remove malware on your computer.
  • You suspect that the PC is affected by viruses, but the antivirus does not detect them.
  • To perform a deep system scan after a massive virus infection.

In some cases, the security system of the operating system independently suggests using Windows 10 Defender Offline as an additional tool for cleaning the system from viruses.

Starting with Windows 10 version 1607, the user can manually conduct an offline scan of their computer using this tool.

Microsoft Defender Offline runs during a system restart or before Windows boots. This protection tool can be run from a running operating system, or from a pre-created bootable media.

There are several ways to run a Windows Defender offline scan:

  • From the Windows Security app (Windows Defender).
  • From Windows PowerShell.
  • From the command line using Windows Management Instructions (WMI) commands.

Microsoft Defender Offline does not support ARM PCs or Windows Server operating systems.

Microsoft Defender Offline uses the antivirus databases of Windows Defender (Microsoft Defender), so it’s a good idea to update your security systems before running a scan.

Running Microsoft Windows Defender Offline on Windows 10

Now let’s look at one of the options for launching Offline Defender directly from a running Windows 10 operating system.

Before using Microsoft Defender offline, save open documents and files, close the windows of running programs, because the computer must be restarted to complete the scan.

Microsoft Defender Offline scans your computer for approximately 15 minutes. After the check is completed, the PC will restart, the normal boot of the Windows operating system will be performed.

The easiest way to run Microsoft Defender offline on a running system is to use the Windows Security app.

Do the following:

  1. Right click on the start menu button.
  2. Select Options from the context menu.
  3. In the Settings app window, go to Update & Security.
  4. Open the Windows Security tab.
  5. From the “Protection areas” section, go to the “Virus and Threat Protection” settings.
  6. In the Virus & Threat Protection window, in the Current Threats section, click the Scan Options link (in previous versions of Windows 10, Threat Log and then Run a new advanced scan).
  7. Activate the “Microsoft Defender Standalone Scan” item (the name of the item was previously “Microsoft Offline Defender Scan”).
  8. Click on the “Scan now” button (previously – “Check now”).
  9. In the “Save the required data” warning window, click on the “Validate” button.
  10. The PC will restart.
  11. The standalone Microsoft Defender will boot to your computer and run a scan of your PC to find and remove viruses.
  12. The scanning process takes about 15 minutes.
  13. After the scan is completed, the computer will boot the Windows operating system in normal mode.

The results of the scan can be viewed in the settings of the Windows Security tool: on the Virus & Threat Protection screen, open the Protection History.

Running the Microsoft Defender Standalone Module in Windows PowerShell

There are other ways to launch the “Offline Defender”, in particular, this can be done using the built-in Windows PowerShell system tool.

Go through the following steps:

  1. Run Windows PowerShell as an administrator.
  2. In the shell window, type the command, and then press the “Enter” key:
Start-MpWDOScan

Windows Defender Offline scan from the command line

Another way to launch the Microsoft defender Offline module is to use the built-in system tool – the Windows command line. You enter the Windows Management Instruction (WMI) part of the command line that starts Microsoft Defender Offline.

You need to do the following:

  1. Run command prompt as administrator.
  2. In the console window, run the command:
wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start

Using Windows Defender Offline from a flash drive or CD/DVD

In some situations, in the event of a serious infection, launching Autonomous Defender from a running system may be impossible or difficult. In this case, it makes sense to create bootable media (USB flash drive or optical CD/DVD) in advance, with which you can perform a virus scan.

Immediately after turning on the computer, you need to boot from a bootable USB flash drive or from a CD / DVD disk on which Microsoft Defender Offline is pre-recorded. The antivirus tool will scan for malware, and after the scan is complete, Windows will continue to start normally.

This tool is available to users of Windows 10, Windows 8.1, Windows 8, Windows 7 operating systems.

Download the Microsoft Defender Standalone tool from the official Microsoft website according to the bitness of the installed operating system installed on your computer.

To create a bootable USB flash drive or CD / DVD, do the following:

  1. Plug a USB flash drive into the appropriate slot on your PC, or insert a blank CD or DVD into the drive. For the tool to work, you must have an Internet connection in order to download up-to-date anti-virus databases.
  2. Run the downloaded file on your computer.
  3. In the “Windows Defender Offline” window, click on the “Next” button.
  4. In the window with the terms of use for Microsoft software, click on the “Accept” button.
  5. In the “Select bootable media” window, select the appropriate option for writing the antivirus tool:
  • On a blank CD or DVD.
  • To a USB flash drive that is not password protected.
  • ISO file on disk (optional).
  1. In the device selection window, confirm the drive where Windows Defender Offline will be written to. The flash drive must have at least 250 MB of free space.
  2. In the next window, agree with the formatting of the media, after which, all data located there will be deleted from there.
  3. The Create Bootable Media window displays the progress of the operation.
  4. In the “Installation Complete” window, read the information about further use of bootable media.
  5. Click on the “Finish” button.

If necessary, immediately after starting the PC, boot from this bootable media, set the scan type, perform the other following steps that the application will inform you about after the scan is completed.

If the flash drive already contains Windows Defender Standalone, then the application installer can be used to update the anti-virus databases.

Article Conclusions

Microsoft Defender Offline (Windows Defender Offline) is an antivirus tool for detecting and neutralizing virus software that runs from a trusted environment before the operating system on the computer boots. There are several ways to launch a scan with the Microsoft Defender Standalone Plugin from within Windows 10.

It is possible to create a bootable USB flash drive or a bootable CD/DVD that can be used to scan for viruses on computers running Windows 10, Windows 8.1, Windows 7 operating systems.

Leave a Reply

Your email address will not be published.