While Windows Security program in Windows 11/10 allows you to perform Quick, Full and Custom virus scans, it also provides the option to remove persistent and hard-to-detect malware using Microsoft Defender offline scan.
The Microsoft defender Offline Scan feature in Windows security is specifically designed to remove hard-to-detect malwares like NTRootki, Fame, Machiavelli and others, that have the ability to bypass Windows Shell and avoid being detected during regular malware scans.
When Microsoft Defender is used in offline mode, it scans the computer from outside Windows Kernel, which allows it to target Rootkit and other types of viruses, which might be hiding outside Windows shell environment on your computer.
1. Use Microsoft Defender Offline Scan in Windows 11
If you are using Windows 11, you can follow the steps below to scan your computer for malware using Microsoft Defender in offline mode.
1. Type Windows Security in the search bar and click on Windows Security System settings in the search results.
2. On Windows Security screen, click on Virus & Threat Protection.
3. On the next screen, click on Scan option located under “Current threats” section.
4. On the next screen, select Microsoft Defender Antivirus (offline scan) and click on Scan now button.
5. Wait for the offline scan to be completed, during which you will find your computer restarting multiple times.
2. Use Microsoft Defender Offline Scan in Windows 10
If you are using Windows 10, you can follow the steps below to remove malware from your computer using Microsoft Defender in offline mode.
1. Go to Settings > Update & security > select Windows Security in the left-pane and click on Virus & Threat Protection in the right-pane.
2. On the next screen, click on Scan Options.
3. On the next screen, select Microsoft Defender Offline scan option and click on Scan now.
4. On the pop-up, click on the Scan button to start the Offline Scan.
5. Patiently wait for the Offline Scan to be completed, after which you will find your computer restarting to the login screen.
Examine Offline Scan Results
Once your computer restarts, you can take a look at what was removed during Microsoft Defender Offline scan by clicking on Protection History link located below the scan summary.
On the next screen, you will see a listing of malware detected or removed during the Malware Scan on your computer.