{"id":177,"date":"2012-09-19T03:00:00","date_gmt":"2012-09-19T03:00:00","guid":{"rendered":"http:\/\/marcbook.local\/wds\/playground\/cybertrust\/2012\/09\/19\/microsofts-free-security-tools-windows-defender-offline\/"},"modified":"2023-05-15T23:06:27","modified_gmt":"2023-05-16T06:06:27","slug":"microsofts-free-security-tools-windows-defender-offline","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/09\/19\/microsofts-free-security-tools-windows-defender-offline\/","title":{"rendered":"Microsoft\u2019s Free Security Tools \u2013 Windows Defender Offline"},"content":{"rendered":"
This article in our series focused on Microsoft\u2019s free security tools is on a tool called Windows Defender Offline<\/strong>.\u00a0 Windows Defender Offline is a standalone software application that is designed to help detect malicious and other potentially unwanted software, including rootkits that try to install themselves on a PC.\u00a0 Once on a PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline works by scanning an operating system to check the authenticity of any communication the operating system has with the Internet. If there is an application deemed unsafe, it will alert the user and block the contents of the application until the user either accepts or denies the risk.<\/p>\n Many of the enterprise customers I talk to about malware have told me that when they find a system in their environment that is infected, they simply reformat the system and install a clean copy of their standard desktop or server image.\u00a0 They do this because for them it\u2019s the fastest, most efficient way to recover the system.\u00a0 In these types of situations, running Windows Defender Offline might help to resolve the issue and eliminate the need to reformat the system.\u00a0 It might also provide valuable information on the malware infection that could help to protect other systems in the environment.<\/p>\n The primary benefit of using this tool is that it runs before malware, such as rootkits, can hide. When you perform a post-event malware scan and remediation by running the scan on a system infected with advanced low-level malware, the malware has a chance to run first. The malware itself may be intercepting the antimalware software\u2019s attempts to inspect, take actions, or communicate to the user. When you run an \u201coffline\u201d tool like Windows Defender Offline, you\u2019re bringing your own known-good, clean operating environment with you along with the scanner. 
You are booting the computer from that clean operating environment, and then running the scanner and inspecting the potentially compromised hard disk\u2019s operating system, programs and data. As such, there\u2019s integrity in the system during the \u201coffline\u201d scan. Malware that\u2019s deeply rooted in the operating system won\u2019t have the opportunity to run and hide before the scanner starts. The malware exists on the disk where it can be found and mitigated but is not actually running, so it\u2019s inhibited from being able to intercept and interfere with the scanner\u2019s activities.<\/p>\n Because Windows Defender Offline works from a clean environment, it’s a good idea if you can get access to another computer running Windows that you know is free from infection. You can use this “known-good” computer to download and install Windows Defender Offline onto removable media, such as a CD, DVD or USB flash drive, as described in Step #1 below. Using a second, known-good computer will ensure that any malware you may have on your infected PC doesn’t interfere with the download of Windows Defender Offline.\u00a0 If you can’t use a separate, known-good computer, then by all means it’s worth trying to download and install the tool with the infected PC; however, Windows Defender Offline may not operate correctly.<\/p>\n To use Windows Defender Offline, you need to follow four basic steps:<\/p>\n Step #1<\/strong> Find a blank CD, DVD, or USB flash drive with at least 250 MB of free space. On a known-good (or \u201cuninfected\u201d) machine, download and run Windows Defender Offline \u2013 the tool will help you install it on your blank CD, DVD or USB flash drive.<\/p>\n Step #2<\/strong> Insert the Windows Defender Offline media you created in Step #1 into the potentially infected PC and restart the PC.\u00a0 You will be prompted to run a scan.<\/p>\n Step #3 Scan your PC for malicious and other potentially unwanted software.<\/p>\n