Posts Tagged ‘Windows Defender’

Summary: ‘How To’ select and run Windows Defender Offline in Windows 10

Comments:

  • Windows Defender Offline (WDO) is an antimalware scanning tool
  • WDO provides the ability to boot and scan the device in a trusted environment
  • WDO’s scan runs outside the normal Windows kernel and operating system
  • Scanning in a trusted environment outside the Windows kernel allows WDO to scan for and target malware that attempts to bypass the Windows shell (e.g. viruses and malware that can infect or overwrite the boot record data)
  • WDO can be run on devices using MBR (Master Boot Record) or GPT (GUID Partition Table)
  • The ‘How To’ section in this article is based on the current Windows 10 version 1703 (Creators Update)
  • When WDO is instructed to run (this is required; it does not run on its own), it (and Windows) will restart the device, boot the device, pass control to WDO instead of the Windows kernel and operating system, and then perform the scan
  • WDO’s offline scan should take less than 15 minutes when no infections are found and/or corrected
  • WDO may remove or quarantine items during its scan
    • Items removed or quarantined by WDO will be listed in Windows 10 in Windows Defender’s Scan History section (located in the Windows Defender Security Center/Virus and Threat Protection/)
  • Note: To run WDO, ensure Windows 10 is logged on with an Administrator account

How To:

  • Click the Windows Start Button, scroll down the alphabetical app listing, and select Windows Defender Security Center
    • Optionally, one can right-click on the Windows Defender icon in the Task Bar Notification area and select Open
  • Click on ‘Virus and Threat Protection’

WDO_01

  • Click on ‘Advanced Scan’

WDO_02

  • Select the ‘Windows Defender Offline scan’ option, then click ‘Scan Now’

WDO_03

  • Acknowledge the prompt to ‘Save your work’ (do so if necessary), then click ‘Scan’

WDO_04

  • Once ‘Scan’ is clicked, Windows 10 Creators Update Version 1703 will display a User Account Control (UAC) dialog box requesting the user to allow changes to the computer. Click ‘Yes’ to this required prompt to proceed with the restart process and allow WDO to run and scan the device in the necessary offline mode.
  • WDO will scan (see screenshot below) then automatically restart the device

WDO_05

Revisions:

June 26, 2017: Initial Draft Date

June 27, 2017: Final Draft Date

June 28, 2017: Initial Publish Date

Summary: How to Run Windows Defender Offline

 

Comments:

  • Windows 10 Version 1607 includes a new feature (tool) for malware removal – ‘Windows Defender Offline’
  • Windows Defender Offline is integrated into Windows 10 Version 1607
  • Windows Defender Offline performs the scan prior to Windows startup (i.e. offline)
  • It provides the ability to remove malware and viruses that may be difficult or impossible to remove while Windows is running

 

How-To:

Note: Save all work and close all applications prior to proceeding to run Windows Defender Offline

  • Steps to run Windows Defender Offline
    • Click on each in sequence
      • Start Button
      • Settings
      • Update and Security
      • Windows Defender (then scroll down to ‘Windows Defender Offline’)
      • Scan Offline

W10_WDO_01

    • After clicking ‘Scan Offline’, the Windows Defender Offline process will provide an alert that Windows will shut down in about a minute. Once the timeout occurs, Windows will restart
    • After the required Restart, Windows Defender will briefly show a screen indicating the scan is about to begin
    • Once the scan begins the Windows Defender Offline graphical interface will appear with a progress bar
    • The scan typically takes about 15 minutes to complete
    • Once complete, if no malware is found, the system/device will reboot
      • If malware (an infection) is found, Windows Defender Offline will provide the ability to remove the malware/infection.
        • (Note: Windows Defender Offline, like all other antivirus/antimalware scanning software, whether it runs resident or non-resident, may not be able to remove all forms of malware)
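
The offline scan described in both posts above can also be started from an elevated PowerShell session with the Defender module's Start-MpWDOScan cmdlet. The script below is an added example, not part of the original posts: the function names and the marker-file path are hypothetical, and it assumes offline-scan detections are returned by Get-MpThreatDetection in the same way they are listed in Scan History.

```powershell
#Requires -Version 5.1
# Added example. Function names and the marker path are hypothetical;
# Get-MpComputerStatus, Start-MpWDOScan, Get-MpThreat and Get-MpThreatDetection
# are cmdlets from the built-in Defender module.

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-DefenderOfflineScan {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Hypothetical marker file; it lets the results be looked up after the restart.
        [string]$MarkerPath = "$env:ProgramData\wdo-scan-requested.txt"
    )
    if (-not (Test-IsAdministrator)) {
        throw 'Windows Defender Offline must be started from an elevated (Administrator) session.'
    }
    if (-not (Get-MpComputerStatus).AMServiceEnabled) {
        throw 'The Windows Defender antimalware service is not enabled on this device.'
    }
    # ConfirmImpact High prompts before the restart, like the 'Save your work' dialog.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Restart into Windows Defender Offline')) {
        # The session does not survive the restart, so record the request time first.
        (Get-Date).ToString('o') | Set-Content -Path $MarkerPath -Encoding ASCII
        Start-MpWDOScan
    }
}

function Get-DefenderOfflineScanFindings {
    param([string]$MarkerPath = "$env:ProgramData\wdo-scan-requested.txt")
    if (-not (Test-Path $MarkerPath)) { throw "No marker file at $MarkerPath." }
    $since = [datetime]::Parse((Get-Content -Path $MarkerPath -TotalCount 1), $null,
                               [Globalization.DateTimeStyles]::RoundtripKind)
    # Map ThreatID to a readable name, then list detections logged since the request.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        Select-Object InitialDetectionTime,
                      @{ n = 'Threat'; e = { $names[$_.ThreatID] } },
                      ActionSuccess, Resources
}
```

Run Invoke-DefenderOfflineScan before the restart and Get-DefenderOfflineScanFindings after signing back in; an empty result means no detections were recorded since the scan was requested.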

 

Revisions:

August 3, 2016: Initial Draft Date

October 8, 2016: Initial Publish Date

March 15, 2017: Updated ‘Comments’ and itemized ‘How-To’ steps in bullet form