Occasionally, malware prevents your anti-malware tools from running, or is designed in such a way that anti-malware tools may not be able to actually eradicate the infection while Windows is running.
One of the most common solutions in the past has been to boot your computer from a DVD or USB drive that contains its own operating system, bypassing both Windows and the malware that might be interfering. Once running, this isolated operating system can run anti-malware tools that are much more likely to resolve the issue.
Windows 10 actually built in this capability. Without needing to download anything, you can boot your computer into “Windows Defender Offline” – a copy of Windows 10’s built-in anti-malware tool, running in a separate, isolated, dedicated copy of Windows 10.
Become a Patron of Ask Leo! and go ad-free!
It’s important to understand exactly which “Defender” we’re talking about, since Microsoft continues to confuse us with their choice of product names.
Windows Defender Offline is, effectively, the same Windows Defender anti-malware tool that comes with Windows 10.
Running Windows Defender Offline
There’s nothing to download. Windows Defender Offline is already installed in Windows 10.
Click on the Start menu, and then the gear icon in the left-hand column, to run the Settings app.
In the Settings app, click on Update and security.
On the resulting page, click on Windows Defender in the left-hand column.
On the resulting page, scroll down to locate the Windows Defender Offline section. Make sure any open documents are saved and any running programs or applications closed. Click Scan Offline to begin the scan.
The Windows Defender Offline Scan
Your machine will reboot and then automatically run Windows Defender Offline.
It will then automatically perform a scan of your machine.
If anything is found, it’ll be dealt with and reported.
Once the scan is complete, your machine will reboot again, returning to your normal Windows installation.
To locate the results of a Windows Defender scan, run Windows Defender. Using the Settings App, return to the Windows Defender page as detailed above.
This time, click on Open Windows Defender.
In Windows Defender, click on the History tab to see a list of malware detected in prior runs.
You may need to click on a View details button for the actual list to be displayed.
When Windows Defender Offline doesn’t work
Since Windows Defender Offline is actually stored on your machine, it’s possible it could be damaged – perhaps by the very malware you’re attempting to remove. Similarly, it’s possible that the process of running it – which is initiated within Windows – may not work due to the malware’s presence.
In situations like this, you need to run a different off-line anti-malware tool.
I’ll provide a list soon.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!