Windows Defender Offline integrated into Windows 10

Martin Brinkmann
Feb 28, 2016
Updated • Jul 5, 2017
Windows, Windows 10
|
22

Windows Defender Offline is a new feature of Insider Builds of Windows 10 that enables you to scan the computer system during boot time and without Internet connection requirement.

Windows Defender is the built-in antivirus solution of the Windows 10 operating system. While its capabilities have improved in recent time, it is still inferior when it comes to the detection of malware when compared to many third-party solutions.

The latest AV Test results published in October 2015 for instance give Windows Defender 14 out of 18 points, but only 3.5 of 6 points in the protection test category which is the lowest score awarded in the test series.

Windows Defender Offline

While that is certainly discouraging, it is positive that Windows Defender's protection capabilities are improving. One of the latest improvements that is currently available only to Windows Insiders on Windows 10 is a new option to run a system scan on boot instead of while the system is running.

windows defender offline

Note: Microsoft pushed out Windows Defender Offline back in 2011, but did not really advertise the program and updated it the last time in 2015. It was a standalone program that you could download and run on your system to scan the PC before start of the operating system.

The new feature is part of Windows 10 Build 14271 which means that it is currently being tested by Fast Ring users only.

Offline scan options, or pre-boot scans, can be essential in removing malware that cannot be removed while the Windows operating system is up and running. Most antivirus solutions either ship with these capabilities or provide access to boot disks that users can load the antivirus solution from before the operating system starts.

Some malicious software can be particularly difficult to remove from your PC. Windows Defender Offline can help find and remove them using up-to-date threat definitions. This will restart your PC and will take about 15 minutes.

You can access the new "scan offline" function of Windows Defender on Windows 10 in the following way:

  1. Use Windows-I to open the new Settings application.
  2. Navigate to Update & Security > Windows Defender.
  3. Scroll down until you find the new Windows Defender Offline entry there.
  4. Make sure you close all open applications and save all work before you continue.
  5. Click on the scan offline button to initiate a countdown to restart the system and run the scan on reboot.

A one minute before the system is rebooted prompt is displayed with no option to stop the process once it is in motion. While you find a close button attached to the prompt, it will simply close it and reboot the system. Clicking anywhere else on the scan reboots the system immediately as well.

Microsoft will probably add an option to stop the reboot from happening before the feature lands in stable builds of Windows 10. For now, there is no option to stop the reboot. (via Deskmodder)

Summary
Windows Defender Offline integrated into Windows 10
Article Name
Windows Defender Offline integrated into Windows 10
Description
Windows Defender Offline is a new feature of Windows Defender on Windows 10 systems that scans the system before operating system start.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Wayne Ruppersburg said on March 17, 2017 at 9:25 pm
    Reply

    I’m running 1607 OS Build 14393.953 and the Windows Defender Offline button still doesn’t initiate a scan. If double clicked statement says, “Something happened. Try again later.” Anybody have a clue?

  2. Wayne Ruppersburg said on February 21, 2017 at 7:51 pm
    Reply

    The Windows Defender Offline Scan button will not initiate a scan on my Win10 1607 OS build 14393.726. I’ve googled this problem without any solutions. When I double click the scan offline button, I receive a notice stating “Something went wrong. Try again later” Anybody have any clues about this?

    I’m thinking there must be some program incompatibility problem. I can perform the offline scan when booted to a USB flash drive containing the download but not on the scan offline button in Update and Security Settings. Anybody have a clue?

  3. dougster said on March 5, 2016 at 8:01 pm
    Reply

    I would appreciate comments on Secure Boot in the context of this article.

    In particular, on a new Windows 10 PC in which Secure Boot is enabled by default, isn’t one significantly better off compared to just running offline scanners, and is offline scanning even needed?

    My impression is: (1) Secure Boot is designed to pro-actively block malware from ever getting injected into the “pre-OS” environment. (2) Offline scanning is inferior as it is a reactive approach. (3) When Secure Boot is enabled, offline scans are no longer needed (except perhaps following a UEFI firmware update – to cover the possibility of a non-secure update).

    I am looking into a basic custom PC with a clean Windows 10 install, but the builder prefers to disable Secure Boot by default. My thinking is I should press for a well-tested machine with Secure Boot enabled because I have little to lose and so much convenience and peace of mind to gain. And if the generic Windows 10 user will soon have the option of using Windows Defender, why not also give them the option of Secure Boot “to boot”?

  4. Bill Bright said on March 1, 2016 at 6:39 pm
    Reply

    Thanks brightspark (no relation!). Sadly, so many in the IT press (as seen with this article) and other Microsoft bashers elsewhere are so eager to jump on the “bash Microsoft” bandwagon, they simply repeat what they heard (even if not applicable to the topic) without verifying the facts or seeking the truth. And sadly, when it comes to those in the IT press, the goal is often just to sensationalize headlines to seek attention. :(

    Is WD the best antimalware solution out there? NO! But as noted above, we don’t need a resource hogging Abrams tank to remain safe – and this is especially true with W7 and W8 and even more so with W10.

    Frankly, only Microsoft has a true incentive to protect us. Why? Because they will get blamed anyway so only Microsoft has a true incentive to rid the world of malware. Norton, McAfee, Kaspersky, Bitdefender, AVG and the others have absolutely no incentive whatsoever to rid the world of malware! Why? Because that will put them out of business. They need and thrive on the existence of malware.

    Something to think about!

  5. Bill Bright said on March 1, 2016 at 4:14 pm
    Reply

    “I am in computing for ~50 years, never used Defender and never been infected by a virus.
    Defender is the worse ever security application ever written, just like MSE has been”

    Since you have never used WD or MSE, then clearly ilev, you are totally unqualified to make any statements about them. It is also clear you do not understand the philosophy behind WD or how testing labs use synthetic scenarios that do not represent real world use.

    None of the computers I am responsible for have been infected since using MSE when W7 was released and WD since W8 came out – and I’ve been this industry since Oct 1971.

    1. brightspark said on March 1, 2016 at 6:19 pm
      Reply

      I agree 100% Bill. I’ve been using MSE and Windows Defender for years and have experienced zero malware issues. I work in the industry and the vast majority of my associates also use MSE/Defender.

      I also agree that common sense, vigilance, and caution should be everyone’s first line of defense.

  6. anon said on February 29, 2016 at 7:44 pm
    Reply

    >Microsoft pushed out Windows Defender Offline back in 2011, but did not really advertise the program and updated it the last time in 2012. It was a standalone program that you could download and run on your system to scan the PC before start of the operating system.

    What? Microsoft last updated this in February 2015 according to your own link.

    1. Martin Brinkmann said on February 29, 2016 at 8:03 pm
      Reply

      I cannot find a date anywhere where it states that, can you post a link please?

      1. anon said on February 29, 2016 at 8:04 pm
        Reply

        If you download the tool from the link, it says the .exe was last modified on February 21, 2015. Its digital signatures also have that date.

      2. Martin Brinkmann said on February 29, 2016 at 8:08 pm
        Reply

        Thank you, I update the article asap.

  7. Bill Bright said on February 29, 2016 at 7:12 pm
    Reply

    Yeah right.

    Do not that viruses, like Trojans worms, are malware too.

    I certainly agree that common sense is essential but to suggest only Kaspersky and Bitdefender provide proper protection is simply silly – and of course, not true. Otherwise, there would be 100s of millions of infected WD users out there – and that is just not the case.

    I’ve been using WD on all my systems since W8.x came out and MSE on W7 before that – with no infections whatsoever – as have 100s of millions of other users worldwide.

    I do recommend the use of decent supplemental scanner, however – just to me sure the user (ALWAYS the weakest link in security) or WD let something slip buy. I use MBAM Premium on this system and MBAM Free on my other systems and so far, MBAM has detected nothing that slipped by.

    If you (or other users of your computer) are careless, have no common sense, or are “click-happy”, then by all means, bog down your systems with extra armor. But if you keep Windows updated, don’t visit the dark side of the Internet, and you (and all users of your computer) use common sense when it comes clicking on unsolicited links, downloads and attachments, then WD and WF are just fine.

    1. ilev said on March 1, 2016 at 6:32 am
      Reply

      “I’ve been using WD on all my systems since W8.x came out and MSE on W7 before that – with no infections whatsoever ”

      I am in computing for ~50 years, never used Defender and never been infected by a virus.
      Defender is the worse ever security application ever written, just like MSE has been, and it gets the worse marks in every AV test. Worse, it gives a false sense of security to users (and even worse, corporations).

      1. anon said on March 1, 2016 at 3:41 pm
        Reply

        ilev, you assume AV tests are impartial and/or trustworthy in the first place. Microsoft Security Essentials and current Windows Defender are very good and do their job fine.

  8. ilev said on February 29, 2016 at 6:53 pm
    Reply

    “Windows Defender is the built-in antivirus solution”..

    Windows Defender is NOT an antivirus even according to Microsoft. It is an anti malware and even as such it is horrible, not to be used.

    For proper protection there are only 2 applications to choose from : Kaspersky and Bitdefender, in addition to common sense.

    1. Corky said on March 1, 2016 at 6:36 pm
      Reply

      Windows Defender used to only be anti malware, that changed when they released Security Essentials as it also targeted viruses, from Windows 8.x onwards Windows Defender took over the roll of Security Essentials basically they renamed Security Essentials to Windows Defender as it now uses the same definitions.

      Arguably Windows Defender/Security Essentials is probably perfectly OK for some people as Bill Bright said in the post above yours (something i agree with) if you practice good Internet/computer hygiene it’s unlikely that you’d have need of “proper” protection.

  9. Bill Bright said on February 29, 2016 at 5:03 pm
    Reply

    :( What was the point of this article?

    I think that is an unfortunate and inaccurate characterization of Windows Defender in the AV Test results – and more to my point, in the added commentary by the folks here at ghacks. Microsoft announced a couple years ago it will no longer concentrate on achieving good scores in those comparative reviews set in controlled environments of test laboratories.

    So IMO, ghacks (Martin’s) commentary is nothing short of biased. Why? Because again, what was the point of the article? Was it to point out the new Windows build includes a new feature (off-line, during boot scanning)? Or was it to take an opportunistic bash as Microsoft? I would appear it was the latter.

    The fact of the matter is, Windows Defender is designed to thwart “current” threats to “today’s” operating systems – not the 10s of 1000s of never seen threats found only in today’s testing labs (not currently in the “wild”).

    If Windows Defender were as bad as ghacks and Martin would like us to believe, there would be 100s of millions of infected users out there because the vast majority of users go with Windows defaults – and that includes Windows Defender and Windows Firewall, and typically nothing else.

    I like to say you don’t need an Abrams Tank to safely navigate the Internet and avoid malware. You just need to keep your system fully updated, use a decent antimalware solution (which includes Windows Defender and Windows Firewall) and “drive defensively” – that is, don’t partake in risky behavior like visiting illegal pornography and gambling sites, don’t do illegal file-sharing especially via Torrents and P2P sites, and most of all, don’t be “click-happy” on unsolicited links, attachments and downloads. And BTW, these are the steps we need to take regardless our security programs of choice.

    1. Corky said on March 1, 2016 at 6:28 pm
      Reply

      @Bill Bright, You say “:( What was the point of this article?” Isn’t it highlighting that people running Windows 10 can expect a future version to be capable of running Windows defender before the system boots?

      Maybe the reason you think that it’s an unfortunate and inaccurate characterization of Windows Defender because you have a short memory as only a few years ago Holly Stewart, senior program manager of the Microsoft Malware Protection Center, told Dennis Technology Labs that Microsoft made a decision to switch to what it calls a “baseline strategy”.

      The usefulness of AV test has always been something of a debatable topic but that’s no reflection on any author that uses them to compare products, it’s more a reflection of the tests themselves so maybe you should be directing your ire at them or suggesting a better way of testing AV products.

      1. Corky said on March 1, 2016 at 8:30 pm
        Reply

        @Bill Bright, Just checked out that link you posted and it’s probably not the most independent of sources seeing as the author spent 18 years working for Microsoft.

      2. Corky said on March 1, 2016 at 8:25 pm
        Reply

        @Bill Bright, Sorry i just don’t see that this article is saying that Windows Defender is not adequate, to not mention WD test scores would be remiss (IMO) of the author as if it wasn’t mentioned someone who doesn’t practice good internet/computer hygiene may well get infected and then blame the author for not mentioning it.

        Maybe you’re being rather defensive as it’s understandable when discussing Windows 10, for me this article is simply telling people how to run WD offline and making people aware of the AV test scores, how they interpret those test scores and if they’re comfortable with their internet/computer hygiene then that’s a choice that person makes, personally i would touch any of the full blown AV suites with a bargepole as they’re all to bloated IMO, at most i may use a one time scan.

      3. Bill Bright said on March 1, 2016 at 7:29 pm
        Reply

        Yes Corky! That is exactly the point of the article. So why take the opportunity to bash WD when not necessary, or the point.

        And you need to do some more research about what that baseline strategy means before deciding it means WD is not adequate for most users.

        Here is something that might shed some light – assuming you have an open mind: https://askleo.com/do-i-need-to-stop-using-microsoft-security-essentials/

        As far as my ire, again, I take YOU back to YOUR question – the point of the article. Was it to point out that WD Offline is now integrated into W10? Or was it to take an opportunistic swipe at WD?

  10. CHEF-KOCH said on February 29, 2016 at 7:27 am
    Reply

    All ransomeware malware here detected, can’t complain.

    1. GuitarBob said on April 1, 2016 at 11:18 pm
      Reply

      The scan on boot option can/should have been used on Win 8/8.1. Instead, users have to jump through hoops to do an offline scan.

      Regards,

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.