Occasionally, malware prevents your anti-malware tools from running, or is designed in such a way that anti-malware tools may not be able to actually eradicate the infection while Windows is running.
One of the most common solutions in the past has been to boot your computer from a DVD or USB drive that contains its own operating system, bypassing both Windows and the malware that might be interfering. Once running, this isolated operating system can run anti-malware tools that are much more likely to resolve the issue.
Windows 10 actually built in this capability. Without needing to download anything, you can boot your computer into “Windows Defender Offline” – a copy of Windows 10’s built-in anti-malware tool, running in a separate, isolated, dedicated copy of Windows 10.
Become a Patron of Ask Leo! and go ad-free!
Windows Defender?
It’s important to understand exactly which “Defender” we’re talking about, since Microsoft continues to confuse us with their choice of product names.
|
Windows Defender Offline is, effectively, the same Windows Defender anti-malware tool that comes with Windows 10.
Running Windows Defender Offline
There’s nothing to download. Windows Defender Offline is already installed in Windows 10.
Click on the Start menu, and then the gear icon in the left-hand column, to run the Settings app.
In the Settings app, click on Update and security.
On the resulting page, click on Windows Defender in the left-hand column.
On the resulting page, scroll down to locate the Windows Defender Offline section. Make sure any open documents are saved and any running programs or applications closed. Click Scan Offline to begin the scan.
The Windows Defender Offline Scan
Your machine will reboot and then automatically run Windows Defender Offline.
It will then automatically perform a scan of your machine.
If anything is found, it’ll be dealt with and reported.
Once the scan is complete, your machine will reboot again, returning to your normal Windows installation.
Results
To locate the results of a Windows Defender scan, run Windows Defender. Using the Settings App, return to the Windows Defender page as detailed above.
This time, click on Open Windows Defender.
In Windows Defender, click on the History tab to see a list of malware detected in prior runs.
You may need to click on a View details button for the actual list to be displayed.
When Windows Defender Offline doesn’t work
Since Windows Defender Offline is actually stored on your machine, it’s possible it could be damaged – perhaps by the very malware you’re attempting to remove. Similarly, it’s possible that the process of running it – which is initiated within Windows – may not work due to the malware’s presence.
In situations like this, you need to run a different off-line anti-malware tool.
I’ll provide a list soon.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
More for Patrons of Ask Leo!
Silver-level patrons have access to this related video from The Ask Leo! Video Library.
Running Windows Defender Offline (in Windows 10)
I’m running 1607 14393.726 recently installed on two separate HDD’s. On both of them, the Windows Defender Offline Scan button does not initiate an offline scan. When double clicked, a message prompt states “Something went wrong. Try again later”. My system is very clean…no malware.
I have researched this problem without remedy. Some are saying the offline scan button stopped working a few OS builds back in time and will be fixed with Version 1704 coming in April 2017. I performed an offline scan using a USB flash drive successfully, but the offline scan button built into Windows 10 still is nonfunctional. Any clues or information? Thanks.
.
If I have Avast real-time protection installed in Windows 10, should I turn off Windows Defender?
It’s been off since I installed Windows 10, but I turned it on after reading this article. Now It says that “another AV program is providing real-time protection, but Windows Defender will periodically scan your PC for threats”
Is this a good idea? I’ve heard that too many AV programs installed can be a problem. What do you think?
Only one antimalware program at a time should be running in real time.
https://askleo.com/can_i_run_more_than_one_antimalware_program_or_firewall/
With the Anniversary Update, Windows Defender can protect your PC by providing a second layer of protection – even if you have installed another antivirus. This option is named “limited periodic scanning”. Enable it, and Windows Defender will occasionally perform a scan to check for any malware that your primary antivirus product missed. It’s not enabled by default, and it can’t yet be enabled on managed Windows 10 PCs that are joined to a domain.
To access Limited Periodic Scanning, open the Start menu and select “Settings”. Head to Update & Security > Windows Defender and enable the “Limited Periodic Scanning” feature. You can only enable this feature if you’re using another antivirus program.
My Windows Defender offline does not display on my Windows Defender setting. Scrolling down, I go from the ” Exclusions” setting to the “Version Info” setting. I can’t find anything online. Any thoughts on how to get this?
Thanks
Are you running the latest version of Windows 10?
no. I have version 1511 (home edition).
I believe this was added/updated significantly in the last major update (anniversary) so that may be required.
Good call Leo. The update did it. Thanks.
I recently had a disastrous experience with Windows Defender Offline. I had a Malwarebytes warning popup that a website was being blocked so naturally I got the heck out of there. Yes, it was an unsavory website. So I decided to try the Defender Offline. The app did not reboot. Nothing happened. Task Manager did not show it was running. So I forced a restart reboot. Windows did not restart. Blank, black screen. So I used my Recover USB and attempted to go to a previous restore point. After running a long time, restore said it could not restore the point, try another point. Same result. So then I tried the option to repair Windows startup. Message was it could not fix the problem but no indication of the problem. Windows said it could not repair the problem. So then I went to the command prompt ran SFC /scannow and there were no problems. I restarted the PC with the recovery USB but nothing happened this time. The recover did not start.
So I used Mint 18 to salvage the most recent files (a few photos and a few documents) using Beyond Compare 3 (such a cool program!) and then…yep, Macrium Reflect to the rescue! The image was only a month and a half old so getting things back to normal involved only re-installing a couple of software apps. Needless to say, I’m not very happy with Defender Offline or the Recover USB but the situation was easily remedied.
Any thoughts about Defender Offline or the USB Recover would be welcomed.
Great that you had a backup. It is the closest thing to a silver bullet.
Per your tip, I ran the Windows Defender Offline. Unfortunately, it will only do a Quick Scan.
Checking the History was very disappointing. I was expecting something like a log, but all I got was three sections where found items would be entered. All three were blank, which I guess is good news.
Anyway, I’ll run it along with my other routine malware checks.
I’m running 1607 OS Build 14393.953 and the Windows Defender Offline button still doesn’t initiate a scan. If double clicked statement says, “Something went wrong. Try again later.” Anybody have a clue? System is clean as a wizard otherwise. Guess I’ll have to wait for Version 1703 to get this fixed.
I’m running 1703 15063.11 Release Preview Ring and notice that Windows Defender Offline Scan has vanished m the Creators Update! Am I nuts or did they relocate it??
Since it does not work, why should it be there? Or anywhere in Windows 10?
I am trying to run windows defender in my windows 10 in the offline reboot mode. It says it will restart the computer but it just shuts the computer down. It works fine online in the smart and full scan mode. How do I get to restart in this offline mode, thanks.
Windows Defender reported 3 instances of malware but did not “specifically” identify them…they just “went away.” No satisfied with that answer, I went to run Windows Defender Offline. I’m running Windows 10 (1607) as well and I get the same error message (Something went wrong. Try again later) when I try to run Windows Defender Offline from the Settings area.
I tried to download and run the 64 bit version that I imaged to a thumb drive but I have EFI boot security enabled and it worked…could not boot from that device unless I took out secure boot.
Next:
I downloaded, installed, and ran Sophos remover
I downloaded and ran Norton Power Eraser
Nothing found. Hmmm..
Next, I’m removing the hard drive, putting a USB interface on it, and attaching it to another computer running AV.