Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Windows Defender Offline in Windows 10

Occasionally, malware prevents your anti-malware tools from running, or is designed in such a way that anti-malware tools may not be able to actually eradicate the infection while Windows is running.

One of the most common solutions in the past has been to boot your computer from a DVD or USB drive that contains its own operating system, bypassing both Windows and the malware that might be interfering. Once running, this isolated operating system can run anti-malware tools that are much more likely to resolve the issue.

Windows 10 actually built in this capability. Without needing to download anything, you can boot your computer into “Windows Defender Offline” – a copy of Windows 10’s built-in anti-malware tool, running in a separate, isolated, dedicated copy of Windows 10.

Become a Patron of Ask Leo! and go ad-free!

Windows Defender?

It’s important to understand exactly which “Defender” we’re talking about, since Microsoft continues to confuse us with their choice of product names.

  • Windows Defender was the name of a tool that only scanned for spyware, and not other forms of malware, that ran in Windows XP, Vista and Windows 7. Microsoft Security Essentials (MSE), a tool that scanned for all types of malware, could be downloaded, and replaced Windows Defender when installed.
  • A separate tool called “Windows Defender Offline” (WDO), which was actually equivalent to MSE, could be downloaded for Windows versions up to and including Windows 7.
  • MSE was renamed Windows Defender in Windows 8, 8.1 and 10.

Windows Defender Offline is, effectively, the same Windows Defender anti-malware tool that comes with Windows 10.

Running Windows Defender Offline

There’s nothing to download. Windows Defender Offline is already installed in Windows 10.

Click on the Start menu, and then the gear icon in the left-hand column, to run the Settings app.

Start Menu, Gear icon

In the Settings app, click on Update and security.

Update & security

On the resulting page, click on Windows Defender in the left-hand column.

Windows Defender link in settings

On the resulting page, scroll down to locate the Windows Defender Offline section. Make sure any open documents are saved and any running programs or applications closed. Click Scan Offline to begin the scan.

Windows Defender Offline

 

The Windows Defender Offline Scan

Your machine will reboot and then automatically run Windows Defender Offline.

Windows Defender Offline - loading

It will then automatically perform a scan of your machine.

Windows Defender Offline - running

If anything is found, it’ll be dealt with and reported.

Once the scan is complete, your machine will reboot again, returning to your normal Windows installation.

Results

To locate the results of a Windows Defender scan, run Windows Defender. Using the Settings App, return to the Windows Defender page as detailed above.

Open Windows Defender

This time, click on Open Windows Defender.

In Windows Defender, click on the History tab to see a list of malware detected in prior runs.

Windows Defender History

You may need to click on a View details button for the actual list to be displayed.

When Windows Defender Offline doesn’t work

Since Windows Defender Offline is actually stored on your machine, it’s possible it could be damaged – perhaps by the very malware you’re attempting to remove. Similarly, it’s possible that the process of running it – which is initiated within Windows – may not work due to the malware’s presence.

In situations like this, you need to run a different off-line anti-malware tool.

I’ll provide a list soon.

Podcast audio

Play

More for Patrons of Ask Leo!

Silver-level patrons have access to this related video from The Ask Leo! Video Library.

Running Windows Defender Offline (in Windows 10)   Running Windows Defender Offline (in Windows 10)

17 comments on “Windows Defender Offline in Windows 10”

  1. I’m running 1607 14393.726 recently installed on two separate HDD’s. On both of them, the Windows Defender Offline Scan button does not initiate an offline scan. When double clicked, a message prompt states “Something went wrong. Try again later”. My system is very clean…no malware.

    I have researched this problem without remedy. Some are saying the offline scan button stopped working a few OS builds back in time and will be fixed with Version 1704 coming in April 2017. I performed an offline scan using a USB flash drive successfully, but the offline scan button built into Windows 10 still is nonfunctional. Any clues or information? Thanks.
    .

    Reply
  2. If I have Avast real-time protection installed in Windows 10, should I turn off Windows Defender?

    It’s been off since I installed Windows 10, but I turned it on after reading this article. Now It says that “another AV program is providing real-time protection, but Windows Defender will periodically scan your PC for threats”

    Is this a good idea? I’ve heard that too many AV programs installed can be a problem. What do you think?

    Reply
      • With the Anniversary Update, Windows Defender can protect your PC by providing a second layer of protection – even if you have installed another antivirus. This option is named “limited periodic scanning”. Enable it, and Windows Defender will occasionally perform a scan to check for any malware that your primary antivirus product missed. It’s not enabled by default, and it can’t yet be enabled on managed Windows 10 PCs that are joined to a domain.

        To access Limited Periodic Scanning, open the Start menu and select “Settings”. Head to Update & Security > Windows Defender and enable the “Limited Periodic Scanning” feature. You can only enable this feature if you’re using another antivirus program.

        Reply
  3. My Windows Defender offline does not display on my Windows Defender setting. Scrolling down, I go from the ” Exclusions” setting to the “Version Info” setting. I can’t find anything online. Any thoughts on how to get this?

    Thanks

    Reply
  4. I recently had a disastrous experience with Windows Defender Offline. I had a Malwarebytes warning popup that a website was being blocked so naturally I got the heck out of there. Yes, it was an unsavory website. So I decided to try the Defender Offline. The app did not reboot. Nothing happened. Task Manager did not show it was running. So I forced a restart reboot. Windows did not restart. Blank, black screen. So I used my Recover USB and attempted to go to a previous restore point. After running a long time, restore said it could not restore the point, try another point. Same result. So then I tried the option to repair Windows startup. Message was it could not fix the problem but no indication of the problem. Windows said it could not repair the problem. So then I went to the command prompt ran SFC /scannow and there were no problems. I restarted the PC with the recovery USB but nothing happened this time. The recover did not start.

    So I used Mint 18 to salvage the most recent files (a few photos and a few documents) using Beyond Compare 3 (such a cool program!) and then…yep, Macrium Reflect to the rescue! The image was only a month and a half old so getting things back to normal involved only re-installing a couple of software apps. Needless to say, I’m not very happy with Defender Offline or the Recover USB but the situation was easily remedied.

    Any thoughts about Defender Offline or the USB Recover would be welcomed.

    Reply
  5. Per your tip, I ran the Windows Defender Offline. Unfortunately, it will only do a Quick Scan.
    Checking the History was very disappointing. I was expecting something like a log, but all I got was three sections where found items would be entered. All three were blank, which I guess is good news.
    Anyway, I’ll run it along with my other routine malware checks.

    Reply
  6. I’m running 1607 OS Build 14393.953 and the Windows Defender Offline button still doesn’t initiate a scan. If double clicked statement says, “Something went wrong. Try again later.” Anybody have a clue? System is clean as a wizard otherwise. Guess I’ll have to wait for Version 1703 to get this fixed.

    Reply
  7. I’m running 1703 15063.11 Release Preview Ring and notice that Windows Defender Offline Scan has vanished m the Creators Update! Am I nuts or did they relocate it??

    Reply
  8. I am trying to run windows defender in my windows 10 in the offline reboot mode. It says it will restart the computer but it just shuts the computer down. It works fine online in the smart and full scan mode. How do I get to restart in this offline mode, thanks.

    Reply
  9. Windows Defender reported 3 instances of malware but did not “specifically” identify them…they just “went away.” No satisfied with that answer, I went to run Windows Defender Offline. I’m running Windows 10 (1607) as well and I get the same error message (Something went wrong. Try again later) when I try to run Windows Defender Offline from the Settings area.

    I tried to download and run the 64 bit version that I imaged to a thumb drive but I have EFI boot security enabled and it worked…could not boot from that device unless I took out secure boot.
    Next:
    I downloaded, installed, and ran Sophos remover
    I downloaded and ran Norton Power Eraser

    Nothing found. Hmmm..
    Next, I’m removing the hard drive, putting a USB interface on it, and attaching it to another computer running AV.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.