Extra Security: Windows Defender Offline

Category: Security

If you’re smart, you have a real-time internet security suite installed on your hard drive. It provides constant protection against viruses and other malware that may sneak into your computer. But no anti-malware program is foolproof; something may slip through its defenses and infect your hard drive. So what can you do if a really nasty virus disables your anti-malware protection, or fouls up your hard drive so Windows won't even start? Here's the answer...

When to Use an Offline Malware Scanner

If a virus is clever enough to disable your anti-virus program, render it ineffective, or foul up your hard drive's boot sector, you'll need something other than a standard anti-malware program to repair the damage. That’s when you need offline protection: a bootable CD or flash drive that bears an effective malware detection and removal program. I highly recommend that you make such an emergency kit and keep it handy. The alternative is to re-install Windows on the hard drive, possibly losing your files in the process.

Microsoft's Windows Defender Offline is a free emergency anti-malware program for Windows XP SP3, Vista, or Windows 7, 8, and 10 systems. You can download the 32-bit or 64-bit version from this page. If you're not sure which version you need, there's a link on the download page to help you determine if your PC is running the 32-bit or 64-bit version of Windows.)

When you run the installation program, it will prompt you for a blank CD, DVD, or flash drive with at least 250 MB of free space. I highly recommend using a flash drive as your Windows Defender Offline medium. Malware changes daily, and so does the malware signatures data file. A flash drive is re-writable, so Windows Defender Offline will download the latest signatures file if it is installed on a flash drive; not so with write-once optical media.

Windows Defender Offline

During installation, the latest database of malware signatures will be downloaded, so you will need an active Internet connection. Windows Defender Offline will be installed on the removable medium along with the signatures and files necessary to boot from the medium. Store the medium in a safe place until you need Windows Defender Offline.

To use Windows Defender Offline, restart your computer using the Windows Defender Offline medium instead of your hard drive. You may need to reconfigure your computer’s BIOS to get it to boot from removable media. That involves interrupting the boot process (usually by holding down the F2 key), entering the BIOS setup utility, and changing the order in which boot devices are tried during boot-up. The removable media device that holds Windows Defender Offline should be checked before the hard drive. When the system boots from the correct device, Windows Defender Offline will load.

You can then run a scan of your hard drive to detect malware. If any is found, you will have the option to try to remove it.

Microsoft Security Essentials or Windows Defender (the one on your hard drive, if it’s active) will prompt you to download Windows Defender Offline if they detect an infection that needs Windows Defender Offline. If you see such a prompt, follow its instructions.

No matter what real-time protection you use, Windows Defender Offline is a good, free backup in case your real-time protection is compromised or you cannot boot Windows because of a malware infection. Regular readers may remember that I've also mentioned the AVG Rescue CD, which is a similar tool. I honestly can't say if one is better than the other, but it's nice to have options.

Of course, a hard drive that doesn't boot up successfully doesn't necessarily indicate a virus. If your offline malware scanner doesn't detect any problems, and you're having trouble starting Windows, see my related article Help, My Hard Drive Died! for other tools you can try to revive a non-booting hard drive.

Do you have an offline malware scanner on a CD or USB drive, in case of a virus emergency? Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 17 Apr 2013

For Fun: Buy Bob a Snickers.

Prev Article:
Switching to Windows 8 Made Easier

The Top Twenty
Next Article:
Geekly Update - 18 April 2013

Most recent comments on "Extra Security: Windows Defender Offline"

Posted by:

Ronald Schumacher
17 Apr 2013


This anit-malware works like a champ and is the best I've ever used.

There are two versions; the free version and the pro-version (a one time payment of $24.00).

Go to: http://www.malwarebytes.org/, and download the free version. It gives you 30 days; I believe, of the pro-version for a trial use then swtitches you to the free version, with the option to buy the Pro-version.

After you download, run a scan (quick or full), and it will find any malware on your PC and then ask you if you want to delete it.

However; if you're PC is in a state where it won't boot up, and Malwarebytes isn't installed yet, download it onto a memory stick, boot up your PC to Safemode (Hit F8 I believe as you start to boot up), then load malwarebytes from the memory stick and run it.

I hope this helps.

Ron Schumacher

Posted by:

17 Apr 2013

Easy to save to a CD then run. Found an issue that both Spybot and Avast anti virus missed. Plan to run this program weekly in the future.

Posted by:

17 Apr 2013

O. K. Got Windows Defender Offline. Thank you Bob. Of course let us hope we never need to use it. Best regards, john.

Posted by:

17 Apr 2013

Running WDO from a boot CD will give you to opportunity to download the latest definitions before scanning. I just used a CD that I made several months ago, and it's still operable. Not to say the program itself may be updated, though.

Posted by:

17 Apr 2013

Rather than messing with the BIOS for boot priority, some cpmputers (Dell, for instance) allow a selection of boot devices by pressing F12 during POST.

Posted by:

17 Apr 2013

I have several AV programs on start up CDs. They all update their AV definitions despite being on CDs so why can't a Defender CD do the same?

Posted by:

Gerry Klappe
17 Apr 2013

Hi Bob, I use Stopzilla AVM 2013 for protection against viruses and malware. Regardless, I was attacked and had to pay a technician $80.00 to clean my computer. Now another technician tells me I should F4 the computer as the hacker could still enter. This worries me as all my banking is done on the computer. Thanks,


Posted by:

18 Apr 2013

If any of your readers use bit torrent clients, and if any of those clients are downloading from sites such TPB, please be aware that most AV programs will flag keygens and such as malware and quarantine the file. Means you have to go into the quarantine file and mark the necessary files as safe, restore them, and add them to the AV's exclusion list.

Not to assume that any of your readers use such sites...

Posted by:

18 Apr 2013

No one has mentioned that if you use the preferred flash drive method to store Windows Defender Offline, the drive must not be password protected, and it must be reformatted, thus deleting all data already on it.

Posted by:

18 Apr 2013

thanks for the info on off line windows defender going to try it out

Posted by:

27 Apr 2013

Thanks much for this article, but I have a question. Once I have downloaded Windows Defender Offline onto my flash drive, do I have to continue to check back in, say once a week, for the latest signatures and have them re-written onto the flash drive? You did say in the article that malware changes daily, and thus the signatures data file has to change, hence my question. Thanks much for your time.

Posted by:

28 Apr 2013

Had troubles on this desktop which AVg, Malwarebytes, and Spybot could not fix. Malware in the browsers and registry. Downloaded Adwcleaner from its French website. Click for English version of webpage. It notifies you of updated versions and definitions. You don't install it. Just run it. Which makes it portable. Run it while using your Windows operating system. Takes about 5 minutes with Windows 7 64 bit. Run it, reboot. Anyway, it sure gets this computer straightened out again. Also downloaded Comodo security essentials and ran that suite. Both are free. Adwcleaner really works.

Posted by:

23 Sep 2013

Bob~ Amazing irony.
As I was reading this terrific info, I got a call from my daughter.
While on Facebook, she "scrolled over" something and, BAM, got the most amazingly well done virus I have yet encountered.
It's a flavor of the "FBI" gotcha hostage-ware.
It pretends to be from Home Land Security and DEMANDS $300 dollars ransom.
Now here's the "admirable" part:
It preempts ALL attempts to Boot around it;
INCLUDING F2, F12, F8 attempts to Boot from CD/USB and when you F8 into Safe Boot, it throws a Reboot upon entering Safe mode and takes it back to restart.
Even though the Laptop is set to Boot 1st from CD, it somehow prevents that from occurring.
Have, just now, pulled the Hdd and am MBAMing it in a Dock on another machine.
Will post the outcome.
In the meantime; have you heard of this Thing yet?
AND, how to stomp it?

It's an excellent piece of work....the Bastard is really good.....

Posted by:

27 Oct 2013

Cho's shocking tale of his/her daughter's laptop being infected with such a clever piece of Ransomware, just by scrolling over something on Facebook is extremely worrying! Hope he/she manages to get rid of it with MBam via the external dock!

But what I wanted to ask Bob is how does Windows know which bootable program to boot from, when there may be several on your USB flash drive? Do you have to put the one you wish to boot from in the top level of the flash drive ie: not in any folder?

Posted by:

04 Feb 2014

Ransomware annihilates BIOS as well, such that one cannot configure the BIOS to start from the flash drive. Your best and only recourse is preventative medicine....scan all files before syncing to an external drive or cloud, on at least a weekly basis. It may take a couple of days to recover, but at least you are okay

Be wary of emails starting with "oops, sent the wrong file" having identical narratives, but with the sender's email ever so slightly altered; emails sent to more than one addee;

Posted by:

05 Jun 2014

All of these suggestions are well and dandy but I just cannot ask (or expect) all of my non-geeky friends/relatives/cohorts to actually go thru all of these procedures as this is like taking someone off the street and asking them to perform a lobotomy. UEFI (Unified Extensible Firmware Interface) be damned! As that would be one additional hurdle that they would have to jump over, as if they did not have a life to lead and worry about others things.
As for myself, I think I am going to play my usual ignorant self and pretend I did not read this and do nothing out of the ordinary. I am hoping that my usual methods of backing up often, imaging my hard disks and not keeping any personal data (including my multimedia files) in separate 6 separate disk drives (HDD/SSD) and networked/USB locations should be sufficient. I have instilled these measures on the rest of my crowd and have provided some automation for them to make these regular chores not so time consuming for them. Yes, I am depending a much luck to not become a victim with such ransomware but I am somewhat reckless with my system to the point that I no longer run much security protection (besides above described items) which leaves to rely strictly on my trusted FireFox protection w/o hanging at social networks and ONLY relying on Microsoft Security Essentials/Defender. I know that is asking for potential problems but...

Posted by:

Ken Sass
24 Jan 2018

Hi Bob,
What about Win 10 and Windows Defender Offline; is the latter ok to use on Win 10?

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- Extra Security: Windows Defender Offline (Posted: 17 Apr 2013)
Source: https://askbobrankin.com/extra_security_windows_defender_offline.html
Copyright © 2005 - Bob Rankin - All Rights Reserved