Windows Security Logo Header hiding in W11 logo

Microsoft has long offered a “Microsoft Defender Offline” tool you can use to perform malware scans from outside of Windows. With Windows 10’s Anniversary Update, this tool is included with Windows, and even easier to launch. Here’s how to use it, no matter which version of Windows you’re on.

Microsoft Defender —formerly known as Windows Defender — may prompt you to download and run Microsoft Defender Offline if it finds malware it can’t remove. But, if you’re concerned your computer might be infected, it’s worth running an offline scan with something like Microsoft Defender Offline just to be safe.

Why an “Offline” Scan Is So Useful

RELATED: How to Use An Antivirus Boot Disc or USB Drive to Ensure Your Computer is Clean

This tool is called “Microsoft Defender Offline” because it scans when Windows isn’t running. Rather than attempting to run from within Windows and scan your computer while Windows is running–and malware could be running in the background–it restarts your computer into a clean environment and scans from outside of Windows.

Note: If the drive you want to scan is encrypted — like with BitLocker — the offline scanner probably will not work without you providing a recovery key.

Since the tool scans while Windows isn’t running, any malware that might be running inside Windows can’t interfere. Some rootkits may hide from Windows during the bootup process, but be detectable when running a scan from outside Windows. Some malware may hook so deep into Windows that it can’t be removed while Windows is running, but can be removed if you run a standalone scan outside the OS.

This tool is essentially an antivirus boot disc, but integrated into Windows 10 and Windows 11, and easier to run.

Tip: If you’re on Windows 7 or 8.1, you can make a disc and run it yourself.

How to Run Microsoft Defender Offline on Windows 11

  1. Open the Settings App, then click “Privacy and Security.”
  2. Click “Open Windows Security” go to “Virus & Threat Protection.”
  3. Click “Scan Options.” Select “Offline Scan” and then hit “Scan Now.”

Windows 11, like its predecessor, comes packaged with Microsoft Defender. Open the Windows Security application by clicking on the blue shield icon on the task bar, or through the Settings app. Click the Start button, then type “Settings” into the search bar, and hit Enter or click “Open.”

Click Privacy and Security > Windows Security > Open Windows Security.

Select "Privacy and Security" and then "Open Windows Security."

Click “Virus & Threat Protection.”

Scroll down and select “Microsoft Defender Offline Scan,” and then click “Scan Now.”

Click “Scan” in the popup and your Windows 11 PC will restart itself and begin the scan.

How to Run Microsoft Defender Offline on Windows 10

  1. Launch the Windows Security app from the taskbar or Settings App
  2. Go to “Virus & Threat Protection,” then click “Scan Options.”
  3. Select “Microsoft Defender Offline Scan,” then click “Scan Now.”

The offline scan is in the Windows Security app in Windows 10. Click the Start button, type “Windows Security” into the search bar, and then hit Enter or click “Open.

Then select Virus & threat protection, click “Scan options” under Current threat.

Select “Microsoft Defender Offline scan” to choose an offline scan. Click “Scan now” to perform the scan.

RELATED: What's the Best Antivirus for Windows 10 and 11? (Is Microsoft Defender Good Enough?)

After you click this button, your computer will automatically reboot and begin scanning your PC for malware. The scan may take up to fifteen minutes. If any malware is found, you’ll be prompted to clean it up from within the Microsoft Defender Offline interface. If no malware is found, your computer will automatically boot back into Windows once the scan is complete.

How to Run Microsoft Defender Offline on Windows 7 and 8.1

RELATED: How Do I Know if I'm Running 32-bit or 64-bit Windows?

  1. Go to Microsoft website and download the offline scanner.
  2. Run the executable and create your bootable media (a USB drive or CD/DVD)
  3. Restart your computer and boot from the offline scanner.

For previous versions of Windows, you can download Microsoft  Defender Offline, create a bootable USB drive, CD, or DVD, and boot the Microsoft Defender Offline tool on the PC. This works identically to the Microsoft Defender Offline feature on Windows 10, but requires you create the bootable media and boot it up yourself.

Microsoft recommends creating bootable media on a known-clean computer. Malware can interfere with the media creation process if it’s running in the background, so if you’re concerned your current PC might be infected, use another PC to download Microsoft Defender Offline and create the media.

Head to the Microsoft Defender Offline download page, scroll down, open the section titled “Using Microsoft Defender Offline on Windows 7 and Windows 8.1,” and download either the 32-bit or 64-bit version depending on whether your PC is running a 32-bit or 64-bit version of Windows. Here’s how to check.

Select the right version for your PC.

Run the downloaded msstool64.exe or msstool32.exe file and you’ll be prompted to create installation media on a USB drive, or burn it to a CD or DVD. You can also have the tool create an ISO file, which you can burn to a disc yourself using your preferred disc-burning program. The tool will create Microsoft Defender Offline media containing the latest virus definitions.

If you use a USB drive, the drive will be reformatted and any data on it will be erased. Be sure to back up any important data from the drive first.

Microsoft Defender offline scan creation tool.


Once you’ve created the USB drive, CD, or DVD, you’ll need to remove it from your current computer and take it to the computer you want to scan. Insert the USB drive or disc into the other computer and restart the computer.

RELATED: How to Boot Your Computer From a Disc or USB Drive

Boot from the USB drive, CD, or DVD to run the scan. Depending on the computer’s settings, it may automatically boot from the media after you restart it, or you may have to press a key to enter a “boot devices” menu or modify the boot order in the computer’s UEFI firmware or BIOS.

Once you’ve booted from the device, you’ll see a Microsoft Defender tool that will automatically scan your computer and remove malware. It works identically to Microsoft Defender Offline on Windows 10 and 11.

Microsoft Defender Offline running.

After the scan is complete and you’re done with the tool, you can reboot your computer and remove the Microsoft Defender Offline media to boot back into Windows.

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »
Profile Photo for Nick Lewis Nick Lewis
Nick Lewis is a staff writer for How-To Geek. He has been using computers for 20 years --- tinkering with everything from the UI to the Windows registry to device firmware. Before How-To Geek, he used Python and C++ as a freelance programmer. In college, Nick made extensive use of Fortran while pursuing a physics degree.
Read Full Bio »