Microsoft Defender Offline

Microsoft Defender Offline is a security tool that checks your computer for malware in the Windows 10, Windows 8.1, and Windows 7 operating systems. This is another tool from Microsoft to help protect your system from viruses and malicious software.

Microsoft has changed the name of this product several times, so this antivirus tool is also known by other names: Windows Defender offline, Microsoft Defender offline.

Some of the malicious software penetrates deeply into the system and is removed from the computer with great difficulty. In these situations, it is not at all easy for antivirus to block the negative effects of malware.

Viruses, for example, rootkits, try to infiltrate a PC outside the Windows shell, such as a boot record (MBR), to bypass the protection performed by an anti-virus program installed on the computer. In such situations, the standalone Microsoft Defender module will help the user to detect and neutralize virus programs.

Windows Defender Autonomous Defender is scanned from a trusted “clean” environment, outside the operating system kernel, before starting or during a PC reboot. Thanks to this, Windows Autonomous Defender can detect malicious software that tries to bypass the standard Windows shell protection.

Microsoft Defender Offline: what is it

Some of the malicious software penetrates deeply into the system and is removed from the computer with great difficulty. In these situations, it is not at all easy for antivirus to block the negative effects of malware.

Viruses, for example, rootkits, try to infiltrate a PC outside the Windows shell, such as a boot record (MBR), to bypass the protection performed by an anti-virus program installed on the computer. In such situations, the standalone Microsoft Defender module will help the user to detect and neutralize virus programs.

Windows Defender Autonomous Defender is scanned from a trusted “clean” environment, outside the operating system kernel, before starting or during a PC reboot. Thanks to this, Windows Autonomous Defender can detect malicious software that tries to bypass the standard Windows shell protection.

The Microsoft Defender Offline scan is performed in the following cases:

  • Built-in antivirus Windows Security (formerly Windows Defender Security Center) detects rootkits or hard-to-remove malware on your computer.
  • You suspect that viruses are affecting your PC, but the antivirus does not detect them.
  • To perform a deep system scan after a massive virus infection.

In some cases, the operating system security system independently suggests using Windows 10 Offline Defender as an additional tool for cleaning the system from viruses.

Starting with Windows 10 version 1607, the user can manually perform an offline scan of his computer using this tool.

Standalone Microsoft Defender performs its work during a system restart or before Windows boots. This protection tool can be launched from a running operating system, or from a bootable media created in advance.

There are several ways to run a Windows Defender offline scan:

  • By running Windows Security app (Windows Defender).
  • From Windows PowerShell.
  • From the command line using Windows Management Instruction (WMI) commands.

Microsoft Offline Defender does not support ARM-based PCs or Windows Server operating systems.

Microsoft Offline Defender uses Microsoft Defender antivirus databases in its work, so it is advisable to update your security systems before running the scan.

Running Microsoft Windows Defender Offline on Windows 10

Now let’s consider one of the options for launching “Offline Defender” directly from a running Windows 10 operating system.

Before using Microsoft Defender offline, save open documents and files, close the windows of running programs, because the computer must be restarted to scan.

Microsoft Offline Defender scans your computer for about 15 minutes. After completing the check, the PC will reboot, and the normal boot of the Windows operating system will be performed.

Running Microsoft Windows Defender Offline on Windows 10

The easiest way to run Microsoft Defender offline on a running system is to use the Windows Security application.

Follow these steps:

  1. Right-click on the Start Menu button.
  2. From the context menu, select Options.
  3. In the application’s Settings window, go to Update & Security.
  4. Click the Windows Security tab.
  5. From the “Protection scopes” section, go to the “Virus and threat protection” settings.
  6. In the Virus & Threat Protection window, in the Current Threats section, click the Scan Settings link (in previous versions of Windows 10, Threat Log, and then Run a New Advanced Scan).
  7. Activate the “Microsoft Defender Standalone Scan” item (the name of the item was earlier – “Microsoft Defender Offline Scan”).
  8. Click on the “Run Scan Now” button (previously – “Check Now”).
  9. In the warning window “Save the required data” click on the “Check” button.
  10. The PC will restart.
  11. The computer will boot a standalone Microsoft Defender, which will scan the PC to find and remove viruses.
  12. The scanning process takes about 15 minutes.
  13. After the check is complete, the computer will boot the Windows operating system in normal mode.

You can view the scan results in the Windows Security settings: on the Virus & Threat Protection screen, open the Protection Log.

Running Microsoft Defender Standalone Module in Windows PowerShell

There are other ways to launch Offline Defender, in particular using the built-in Windows PowerShell system tool.

Go through the following steps:

  1. Run Windows PowerShell as administrator.
  2. In the shell window, enter the command, and then press the “Enter” key:

Start-MpWDOScan

Checking by Windows Autonomous Defender from the command line

Another way to launch the Microsoft defender Offline plug-in is to use the built-in system tool, the Windows command line. The command line enters the portion of the Windows Management Instruction (WMI) that launches Microsoft Offline Defender.

You need to do the following:

  1. Run Command Prompt as Administrator.
  2. In the console window, run the command:

wmic / namespace: \ root \ Microsoft \ Windows \ Defender path MSFT_MpWDOScan call Start

Using the tool from a USB stick or CD / DVD

In some situations, in the event of a serious infection, launching “Autonomous Defender” from a running system may be impossible or difficult. In this case, it makes sense to create a bootable media (USB flash drive or optical CD / DVD) in advance, with which you can perform a virus scan.

Installing Microsoft Defender Offline from CD or DVD

Immediately after turning on the computer, you must boot from a bootable USB flash drive or from a CD / DVD disc with Microsoft Defender Offline recorded in advance. The antivirus tool will scan for malware, and after the scan finishes, Windows will continue to start normally.

This tool is available to users of Windows 10, Windows 8.1, Windows 8, Windows 7 operating systems.

You can download the Microsoft Defender Offline from the official Microsoft website according to the bitness of the operating system installed on your computer.

To create a bootable USB flash drive or CD / DVD disk do the following:

  1. Connect a USB flash drive to the appropriate connector on your PC, or insert a blank CD or DVD into your drive. For the tool to work, you must have an Internet connection in order to download the latest anti-virus databases.
  2. Run the downloaded file on your computer.
  3. In the Windows Defender Offline window, click the Next button.
  4. In the Microsoft software terms of use window, click the “Agree” button.
  5. The “Select bootable media” window, select the appropriate option for recording the antivirus tool:
  • On a blank CD or DVD.
  • To a USB flash drive that is not password protected.
  • ISO file on disk (optional).
  • In the device selection window, confirm the drive to which Windows Defender Offline will be burned. The flash drive must have at least 250 MB of free space.
  • In the next window, agree with the formatting of the media, after completing which, all data located there will be deleted from there.
  • The Bootable Media Creation window displays the progress of the operation.
  • In the Installation Complete window, review the information on how to continue using the bootable media.
  • Click on the “Finish” button.

If necessary, immediately after starting the PC, boot from this bootable media, set the scan type, follow the other next steps, which will be reported by the application, after the scan is complete.

If the USB flash drive already contains Standalone Windows Defender, then the application installer can be used to update the anti-virus databases.

Microsoft Defender Offline is a powerful security tool for finding and neutralizing virus software that runs from a trusted environment before the operating system is loaded on the computer. There are several ways to start a scan using Microsoft Defender Standalone Module from within Windows 10.

It is possible to create a bootable USB stick or bootable CD / DVD that can be used to scan for viruses on computers running Windows 10, Windows 8.1, and Windows 7.

Leave a Reply