How-To Geek

How to Create a Bootable Offline Version of Windows Defender

We’ve shown you many methods of removing viruses over the years, but now Microsoft has released a stand-alone version of Windows Defender, their own anti-malware application. Here’s how to make a bootable USB to scan for viruses.

We should point out that you can also scan your PC with a BitDefender boot disk, a Kapersky boot disk, an Avira boot disk, or even an Ubuntu Live CD, but this is one more tool to add into your toolkit.

Creating a Bootable USB

Head over to this website and download the latest version of Windows Defender Offline that matches your current system architecture.


Once the download has completed, double click on the package to get started.


When the Windows Defender Offline wizard starts, click next to continue


After you have accepted the license terms, you will be asked which type of media you will installing Windows Defender on, at this point choose to create a bootable USB.

Note: Please make sure that your USB does not have Bit-Locker encryption on it, as this will not work.


We are warned that our USB will need to be formatted before we continue, this means all the data on our USB will be lost, if this is ok click next.


Now the Definitions and files needed to make a USB bootable version of Windows Defender will be downloaded, and the USB will be created.


When Windows has finished creating the USB, you will be notified, along with further instructions.


Now the only thing that’s left to do, is boot an infected PC from the USB and initiate a scan, which is exactly the same as if you were to do it from within Windows. If you wanted you could also create a bootable CD\DVD, or even create an ISO file which can later be burned to disk. Regardless of the media you use to create your installation, this should definitely be added to your PC toolbox.

If you want to update your offline version of Windows Defender with the latest virus definitions and you used rewritable media like a USB drive, you can just run the tool again and point it the same location.

Taylor Gibb is a Microsoft MVP and all round geek, he loves everything from Windows 8 to Windows Server 2012 and even C# and PowerShell. You can also follow him on Google+

  • Published 12/21/11

Comments (23)

  1. Yashar

    What happens when there is a update? do you keep on making CD’s.. not good

  2. Dances with Cureloms

    Very timely. Co-worker’s home computer got infected by his son (who just got home from school break).


  3. Chris Haworth

    Just download YUMI from and create a bootable USB drive where you can then install multiple ISO files and select them at bootup. You can then install all your boot cd’s onto one handy USB drive.

  4. burnnoticefan

    I have Microsoft’s Standalone System Sweeper on a USB stick. Any difference between this and Offline Defender, or just repackaged? If so will download, otherwise will keep Sweeper. Thanks!!

  5. Arturo Toscano

    If working with a USB flash drive, you should purchase the type that has a physical write protection to avoid having the USB drive infected when scanning the suspect PC. Braqnds such as Imation, Verbatim, Kanguru and others have this feature that will help you reuse the USB drive time and time again without having to worry about the USB drive having been infected in one of the previous scans.

  6. Kevin James Lausen

    I will put this in my ultimate bootable rescue disk toolbox…might be a while b4 I use it because I don’t use windows at home anymore…

  7. Harry

    @Yashar: Some people are never satisfied.

  8. Mar

    @Yashar: In case you need to use it to repair a computer you can download the latest version and make the CD. You don’t need to make it now to repair a computer that is going to be infected in 6 months. It’s pointless!

  9. Al

    @Yashar – You can update definitions from within Defender once you’ve booted to it and it’s running. Probably easier via wired connection but possible via wi-fi depending on drivers.

    @burnnoticefan – Appears to be the same thing. New beta version with a new name.

  10. Dan

    Of the 4 which 1 is the best. Or dose each 1 do something different.

  11. TBerg

    I was running Security Essentials, and tried to get Windows Defender to install. It won’t. So I did some research and the popular opinion seemed to be that SE includes Windows Defender, so it is unnecessary or redundant to use both -besides Win Defender being an unwilling participant in that area. The problems are: Twice in one week I was infected by malware. “System Fix”, and some other stupid Rogue that did about the same thing only the 2nd one didn’t set the Hide attribute on almost every file.. I lost a lot of respect for Security Essentials, and was reminded of the old addage -you get what you pay for. I am currently running BOTH Security Essentials and Trend Micro’s Titanium Internet 30 day trial. They seem to work well together AND, in the first day I was using the new stuff from Trend, a facebook fishing expedition triggered a warning message from the Trend package. Nothing from SE… So, IMHO the microsoft stuff is not good for the level of protection I need, and I am going to purchase the Trend stuff when my 30 day trial expires.

  12. TBerg

    Second thoughts… Does anyone know if this is in fact true… That running Security Essentials includes the Windows Defender package? If I go to the Action Center in Control Panel, I see that the Security essentials is turned on and the Windows Defender is set to OFF. Also, anyone have any input on the stuff from Trend Micro. it seems to run well WITH the Sec Essentials… and from what I gather from the Trend site there are no reported conflicts with SE. I figure two AV programs are better than one, but- is the additional CPU load warrant 2? I am running this on my main system -a 2.0 Ghz processor with 4 G of RAM. Also, has anyone compared Trend stuff (IN REAL LIFE -not some paid for magazine comparison) with any other AV programs..

    Also, a tip for those who unfortunately do get infected: This sight has some very good and useful info on eradicating malware. -I know -I been there. -I am a 2nd year Info Sec student, so it was some good experience to learn how to eradicate these nasty creations without losing any data;-)

  13. DragonDon

    Having playing woth technology for over 30 year, I can. Say that I have a pretty good idea of what works and what doesn’t. First an AV. Back in the ‘good ol DOS days’ Norton was popular but most people tended ti McAf

  14. DragonDon

    Having playing woth technology for over 30 year, I can. Say that I have a pretty good idea of what works and what doesn’t. First an AV. Back in the ‘good ol DOS days’ Norton was popular but most people tended towards McAfee. Now I have found that AVG has been absolutely invaluable and has both xkvered my a$$ and helped many of my clients keeo a clean machine. Of course this is but kne side of the ‘infection’ coin. Spyware is another. While it is nice to have everything in kn oackage I have come to understand that this is a big liability when it comes to efficiency. Currently I have ZERO faith I’m any Norton products. Bloated package that has not protected so many systems than I care to count. I have detailed the tiols I have found to work best in a number of articles that either I wrote or from a source I trusted to explain how things work without getting too techie. Feel free to check them out on my site.

  15. DragonDon

    In regards tk this article, I fully belive an offline solution is best. There is no way for a virus to run from the HD if said HD is not rinning an OS on it :) so anything that can both scan & repair without having to boot is a far better way to fix a system. Thanks for the article!

  16. Taylor Gibb

    Guys, most of us at HTG, dont even run an anti-virus, common sense is always the best protection, in ultra rare, and it really is rare, that we don get infected we either use an online scanner or one of the many boot able solutions out there :) Knowledge is power :)

  17. Dark Reality

    I was not aware Defender was still around, and was under the impression that Security Essentials replaced it. SE doesn’t “include malware”, per se, it’s just an “all-in-one” kind of thing. It doesn’t differentiate, it’s all under the same umbrella. It has caught malware for me in the past. Defender had a busier interface; SE is pretty much just update and scan, with a scheduler.

  18. Dan

    @TBerg, try Avast and SE together, they work together fine. SE clean PC, Avast puts it in AutoSandbox when viruses of malware attacks. Also SE is an upgrade from Defender. Soon if not already Defender willn’t be around.

  19. zapper067

    What about the same thing but security essentials?

  20. Augustine Correa

    Instead of USB i burnt it to a DVD …..My laptop screen only shows “Press any key to boot from CD or DVD” …even after pressing the key. I gave waited upto 20 minutes and I have done this multiple times but to no avail.

  21. Steven

    windows defender on a usb? no thanks i’d rather have a security essentials bootable usb

  22. spell checker

    Some would undoubtfully benefit from a bootable spell checker. Others what you post just makes no sense at all. Maybe just lurk until you get your G.E.D.

  23. Anonymous

    One thing you forgot to mention is that MSSS needs to have Internet access in order to update it’s virus definitions database. I seem to recall that you can save newer definitions if booting from a USB as described. But you definitely can’t update or save newer MSSS virus definitions if booting from optical media like a DVD/CD nor if you are multi-booting either. (Multi booting other OS’s along with MSSS using Yumi, Sardu or something like that.) That is, unless you have also prepared your USB with “persistence” and somehow configured MSSS to use it. Same goes for Avira, Acronis, Kaspersky and anyone else. Because without “persistence” the infected PC will need an active connection to the Internet to update (which is OK so long as you don’t actually boot your infected Windows). And finally, downloading these virus definitions can get rather cumbersome since these databases (and files) seem to get bigger and bigger every day (which is another good reason to use persistence so that you can save bandwidth, particularly in situations where you might not have it).

Other How-To Geek Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!