How-To Geek

How to Find and Remove Malware With Windows Defender Offline

Microsoft has long offered a “Windows Defender Offline” tool you can use to perform malware scans from outside of Windows. With Windows 10’s Anniversary Update, this tool is included with Windows, and even easier to launch. Here’s how to use it, no matter which version of Windows you’re on.

Windows Defender may prompt you to download and run Windows Defender Offline if it finds malware it can’t remove. But, if you’re concerned your computer might be infected, it’s worth running an offline scan with something like Windows Defender Offline just to be safe.

Why an “Offline” Scan Is So Useful

This tool is called “Windows Defender Offline” because it scans when Windows isn’t running. Rather than attempting to run from within Windows and scan your computer while Windows is running–and malware could be running in the background–it restarts your computer into a clean environment and scans from outside of Windows.

Since the tool scans while Windows isn’t running, any malware that might be running inside Windows can’t interfere. Some rootkits may hide from Windows during the bootup process, but be detectable when running a scan from outside Windows. Some malware may hook so deep into Windows that it can’t be removed while Windows is running, but can be removed if you run a standalone scan outside the OS.

This tool is essentially an antivirus boot disc, but integrated into Windows 10 and easier to run. (And if you’re on Windows 7 or 8.1, you can make a disc and run it yourself.)

How to Run Windows Defender Offline on Windows 10

Assuming you’ve upgraded to the Anniversary Update, you can do this in one click from within Windows 10. You won’t find this option in the Windows Defender desktop application, however. It’s only located in the Settings app.

Head to Settings > Update & Security > Windows Defender. Scroll down and click the “Scan Offline” button under Windows Defender Offline.


After you click this button, your computer will automatically reboot and begin scanning your PC for malware. The scan may take up to fifteen minutes. If any malware is found, you’ll be prompted to clean it up from within the Windows Defender Offline interface. If no malware is found, your computer will automatically boot back into Windows once the scan is complete.

How to Run Windows Defender Offline on Windows 7 and 8.1

For previous versions of Windows, you can download Windows Defender Offline, create a bootable USB drive, CD, or DVD, and boot the Windows Defender Offline tool on the PC. This works identically to the Windows Defender Offline feature on Windows 10, but requires you create the bootable media and boot it up yourself.

Microsoft recommends creating bootable media on a known-clean computer. Malware can interfere with the media creation process if it’s running in the background, so if you’re concerned your current PC might be infected, use another PC to download Windows Defender Offline and create the media.

Head to the Windows Defender Offline download page, scroll down, and download either the 32-bit or 64-bit version depending on whether your PC is running a 32-bit or 64-bit version of Windows. Here’s how to check.

Run the downloaded msstool64.exe or msstool32.exe file and you’ll be prompted to create installation media on a USB drive, or burn it to a CD or DVD. You can also have the tool create an ISO file, which you can burn to a disc yourself using your preferred disc-burning program. The tool will create Windows Defender Offline media containing the latest virus definitions.

If you use a USB drive, the drive will be reformatted and any data on it will be erased. Be sure to back up any important data from the drive first.

Once you’ve created the USB drive, CD, or DVD, you’ll need to remove it from your current computer and take it to the computer you want to scan. Insert the USB drive or disc into the other computer and restart the computer.

Boot from the USB drive, CD, or DVD to run the scan. Depending on the computer’s settings, it may automatically boot from the media after you restart it, or you may have to press a key to enter a “boot devices” menu or modify the boot order in the computer’s UEFI firmware or BIOS.

Once you’ve booted from the device, you’ll see a Windows Defender tool that will automatically scan your computer and remove malware. It works identically to Windows Defender Offline on Windows 10, and it’s the same interface you’d see in Microsoft Security Essentials on Windows 7 and Windows Defender on Windows 8.1.

After the scan is complete and you’re done with the tool, you can reboot your computer and remove the Windows Defender Offline media to boot back into Windows.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 08/9/16
  • gary

    I don't know when this piece was written but I tried it and there is no Windows Defender Offline. I have Windows 10. I even went to MS web site and it is not there also. So you may want to delete this article .

  • Scott

    Works for me on Win 10 Anniversary-

  • gary

    How you got Win 10 Anniversary is they must have given it to you. Did a search and it was released on Aug 2 but it has still not rolled out to us common folk yet. From what I read you cannot even request it yet. I also did the "Check for updates" on my computer and nothing like that d/l. One person said that he had 75% of it downloaded and it crashed on him. Maybe I should wait until they get the bugs out of it first. The Windows Defender Offline sounds good to me though.

    Did find this on it.

    Then I did what they said going to "Learn More" and got to this:

    Still think I will wait. It will probably have problems with it.


  • Scott

    With all due respect, you may want to tone down your rhetoric.

  • Geeker

    I wonder since Windows 10 Defender offline is built into Windows, could Malware infect it while being loaded outside of the operating system when Windows Defender Offlne is scanning?

  • Whitson Gordon

    And here's the link to that page where you can update.

  • Scott

    Yup, it's the same link that @gsohlman posted and the one I quoted from.

  • Whitson Gordon


    Sorry, I must have missed that link! IGNORE ME

  • Scott

    And here I was thinking I had cornered the facepalm market.

  • Mike Cocorahs

    The article clearly states that you can acquire this tool and use it with Windows 7 and 8.1 TOO. If you follow the link provided you will not find any download links. So yes, there is still a problem with this article. I tried firefox, chrome and IE with no success.

  • gary

    How would you compare Windows Defender Offline vs Malwarebytes? Which do you think is better?

    I run Malwarebytes every so often. Have to admit the Offline sounds good. Guess it just disconnects the computer from the internet and does it's thing.

  • Yes, it appears that the link goes to a page that is only relevant for W10 Anniversary.

    My problem is that with W10 Anniversary on a particular C, the Windows 10 Offline does nothing -- just sits there after clicking the button. Therefore, I was looking for a USB boot solution to check for viruses from a cold boot.

  • Frank

    yes, this link does NOT offer downloads "", so where to now ?

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!