Windows Anniversary Update for Windows 10 v1607 and later allows offline scanning, without the need for being connected to the Internet. The Offline Scan actually scans while Windows isn’t running. So it’s more like an antivirus boot disc. This is very useful as most malware runs inside Windows, while rootkits that hide from Windows during the boot up process, should be detected when running a scan outside Windows.
IMPORTANT: Before you use Windows Defender Offline, make sure to save any open files and close apps and programs.
How to Offline Scan using Windows Defender
- Make sure you have Windows Defender enabled
- Next – open the Start menu > Settings > Update & security then select Windows Defender, to open Settings
- You should see Windows Defender Offline. Click > Scan Offline button
- You will be signed out and your PC will shutdown and be restarted
- On restart, you may see a command prompt window briefly and then you will see “Windows Defender Offline” message
- After a short while the above message disappears and you will then see the Windows Defender offline scanning progress
- The scan will take about 15 minutes before Windows is booted to your desktop
- If Windows Defender finds suspicious files or programs, it will remove them and you will be informed via a notification
To see the Windows Defender Offline scan results
- Select Start > Settings > Update & security > Windows Defender
- On the History tab, select > All detected items, then select View details
- You will be able to view detected items, alert level, detection date, action taken and detection method
Note: This is not the Windows Defender Offline Tool. This tool is designed for removable media such as a USB drive, and can help you boot your PC and run a scan.
It’s worth noting that regular backups will help you roll back to a previous version that isn’t found to have suspicious or malicious files. Very useful in the event Windows Defender Offline fails to remove a malicious file or program.