How to scan with Windows Security Offline

If you own a laptop or a PC, you can run Windows Defender to scan your system offline. This is useful when some types of malware are hard to clean from a running system and need to be removed from a recovery environment before Windows is actually loaded.

This sort of situation has led Microsoft to create the Windows Defender Offline antivirus tool for Windows 7 and Windows 10. Please note that Windows Defender has been rebranded to Windows Security following the May 2020 Windows update.

Remove malware using the Windows Defender Offline scan in Windows 10

To open Windows Security, use the Start Menu or the search option:

Start Menu > search Windows Security > Open Windows Defender Security Centre.

Once there, click the “Virus & threat protection” option and select “Advanced Scan” to reveal your scan options. From the options listed, select “Microsoft Defender Offline scan” and start the scan.

Before doing this, save and close all your work tabs, as Microsoft Defender Offline scan requires you to restart the computer. A UAC (User Account Control) prompt may pop up asking for your confirmation.

You will also get a notification that you are about to be signed out and that the PC will shut down in less than a minute. Acknowledge the notice and wait for the device to restart.

Microsoft Defender Offline scan will begin to run as Windows 10 boots into a recovery environment. Be patient, as the scan will take a while to complete. Microsoft Defender Offline scans your computer automatically; if malware is detected, it will ask you what action you would like to take against it.
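
The same scan can be started from an elevated PowerShell session with the built-in Defender cmdlets, which is handy when the Windows Security app will not open. The script below is an added example, not part of the original article; the function names and the three-day signature threshold are assumptions chosen for illustration.

```powershell
#Requires -Version 5.1
# Added example: scripted equivalent of the GUI steps above, using the built-in
# Defender module. Function names and the age threshold are assumptions.

function Test-OfflineScanReadiness {
    param([int]$MaxSignatureAgeDays = 3)   # assumed threshold, adjust to policy
    $principal = [Security.Principal.WindowsPrincipal]::new(
        [Security.Principal.WindowsIdentity]::GetCurrent())
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        IsElevated      = $principal.IsInRole(
            [Security.Principal.WindowsBuiltInRole]::Administrator)
        ServiceEnabled  = $status.AMServiceEnabled
        SignatureAge    = $status.AntivirusSignatureAge
        SignaturesFresh = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays
    }
}

function Start-OfflineScanSafely {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    $ready = Test-OfflineScanReadiness
    if (-not $ready.IsElevated)     { throw 'Run from an elevated PowerShell session.' }
    if (-not $ready.ServiceEnabled) { throw 'The Defender antimalware service is not running.' }
    if (-not $ready.SignaturesFresh) {
        Write-Verbose "Signatures are $($ready.SignatureAge) day(s) old; updating first."
        Update-MpSignature
    }
    # Save open work first: the PC restarts into the recovery environment after this call.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Restart into Microsoft Defender Offline scan')) {
        Start-MpWDOScan
    }
}

function Get-RecentDetections {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Detected        = $_.InitialDetectionTime
                Threat          = $threat.ThreatName
                Resources       = $_.Resources -join '; '
                ActionSucceeded = $_.ActionSuccess
            }
        }
}
```

Run Start-OfflineScanSafely -WhatIf to check readiness without restarting, and Get-RecentDetections once Windows is back up to list what Defender has recorded in its detection history.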

How do I run the Windows Security Offline scan on Windows 7 or Windows 10 if my system refuses to boot up?

If your device is prevented from booting up by a malware infection, you must use another device to download the Microsoft Defender Offline version that matches your Windows version: either the 32-bit or the 64-bit version, based on your system specification. You’ll also need to download an additional file, either mssstool32.exe or mssstool64.exe respectively.

Next, you need to burn Microsoft Defender Offline onto a blank CD or DVD, copy it onto a USB flash drive, or save it as an ISO disc image that can be used on the system that was infected with malware.

Then you can run the mssstool32.exe or mssstool64.exe file, as the case may be, and select Yes when you see a UAC prompt pop up. Using the wizard, install Windows Defender Offline on the flash drive or DVD.

You will be asked to choose where you want to install Windows Defender Offline: a blank CD or DVD, a USB flash drive, or to save it as an ISO file on the blank disk.

If you selected the USB storage option and multiple flash drives are plugged in, you will be prompted to choose the flash drive you want to use and then press Next. You will then be informed that Windows Defender Offline needs to reformat the flash drive before it can continue the installation. Ensure you do not have any data on it and then click Next to continue.

Windows Defender Offline will download all the files (about 250 MB in size) that it needs onto the formatted USB flash drive.

To use the newly made bootable flash drive or CD/DVD, insert it into the infected computer and configure the computer to boot from the drive or disc. During this procedure, a smaller Windows kernel will load, which will run Windows Defender Offline.

Windows Security will now automatically start to scan your device for malware. On scan completion, you will be prompted to erase all discovered malware (if any). This process might also take a while to load, so ensure the system is plugged into a power source to avoid interruptions.