How to use Windows Defender Offline in the Creators Update to remove malware

Windows Defender, an already powerful PC-protection tool before the release of the Creators Update, has been transformed into the Windows Defender Security Center. The refreshed app has a new layout to go along with its updated features.

One area that saw a redesign is Windows Defender Offline. The utility is now built right into the Windows Defender Security Center app and is now much easier to use. If you think your PC might be infected with som particularly aggressive malware, the following steps will help you ensure a quick cleanup.

When to use Windows Defender Offline

You might be wondering exactly why or when you'd want to use Windows Defender Offline, rather than the regular scan. Windows Defender Offline runs in an environment on your PC that doesn't let Windows 10 boot. And it's much easier to remove malware that's deeply embedded in an OS when the OS isn't running.

If your PC has come into contact with advanced or persistent malware, your PC might automatically alert you that it is trouble. In this case, it will likely recommend scanning offline. Even if Defender doesn't alert you and doesn't suggest using an offline scan, you can start one manually if you think your PC might be harboring something malicious.

How to use Windows Defender Offline

If you're ready to manually start an offline scan with Windows Defender, follow these steps. Alos, be sure to save any documents and close other running apps before you start.

  1. Launch Windows Defender Security Center from your Start menu, desktop or taskbar.
  2. Click Virus & threat protection.

  1. Click Advanced scan.
  2. Click Windows Defender Offline scan.

  1. Click Scan now.
  2. Click Scan.

Your computer will automatically restart, and Windows Defender Offline will boot instead of Windows 10. A scan will start, and the persistent malware should be removed. The entire process should take about 15 minutes.

When the scan is complete, your PC will restart again, this time booting Windows 10 normally.

How to see the offline scan results

Once your PC restarts, you can check to see what was removed.

  1. Launch Windows Defender Security Center from your Start menu, desktop or taskbar.
  2. Click Virus & threat protection.

  1. Click Scan history.
  2. Click See full history below Quarantined threats.

If any threats were quarantined during the scan, they will be shown there.

More resources

Be sure to have a look at our guide that covers the overall changes to Windows Defender Security Center, and also check out Senior Editor Zac Bowden's in-depth Creators Update review.

Cale Hunt
Senior Editor, Laptop Reviews

Cale Hunt is a Senior Editor at Windows Central. He focuses mainly on laptop reviews, news, and accessory coverage. He's been reviewing laptops and accessories full time since 2016, with hundreds of reviews published for Windows Central. He is an avid PC gamer and multi-platform user, and spends most of his time either tinkering with or writing about tech.

6 Comments
  • I will try Windows Defender offline scan for sure🙋
  • hmm... interesting.
  • Very useful article. Thanks. 👍
  • Yes, thanks.
  • I use Windows Defender in conjunction with Malwarebytes and Voodooshield. A nice combination which does not use too many recourses. I run the offline scan occasionally as a "just to be sure". Malwarebytes is just a nice protection to have, and Voodooshield I only used for about 2 weeks now but I like the snapshot idea, and it does warn me occasionally if something wants to run that is not within the snapshot.
    Safe browsing habits are a must of course but good protection is either way just an absolute necessity.
  • very good and useful article. good job, especially with the details.