Recommended reading

How to use Windows Defender Offline in the Creators Update to remove malware

How-to
By last updated

How do you use Windows Defender Offline?

Windows Defender, an already powerful PC-protection tool before the release of the Creators Update, has been transformed into the Windows Defender Security Center. The refreshed app has a new layout to go along with its updated features.

One area that saw a redesign is Windows Defender Offline. The utility is now built right into the Windows Defender Security Center app and is now much easier to use. If you think your PC might be infected with som particularly aggressive malware, the following steps will help you ensure a quick cleanup.

When to use Windows Defender Offline

You might be wondering exactly why or when you'd want to use Windows Defender Offline, rather than the regular scan. Windows Defender Offline runs in an environment on your PC that doesn't let Windows 10 boot. And it's much easier to remove malware that's deeply embedded in an OS when the OS isn't running.

If your PC has come into contact with advanced or persistent malware, your PC might automatically alert you that it is trouble. In this case, it will likely recommend scanning offline. Even if Defender doesn't alert you and doesn't suggest using an offline scan, you can start one manually if you think your PC might be harboring something malicious.

How to use Windows Defender Offline

If you're ready to manually start an offline scan with Windows Defender, follow these steps. Alos, be sure to save any documents and close other running apps before you start.

  1. Launch Windows Defender Security Center from your Start menu, desktop or taskbar.
  2. Click Virus & threat protection.

  1. Click Advanced scan.
  2. Click Windows Defender Offline scan.

  1. Click Scan now.
  2. Click Scan.

Your computer will automatically restart, and Windows Defender Offline will boot instead of Windows 10. A scan will start, and the persistent malware should be removed. The entire process should take about 15 minutes.

When the scan is complete, your PC will restart again, this time booting Windows 10 normally.

How to see the offline scan results

Once your PC restarts, you can check to see what was removed.

  1. Launch Windows Defender Security Center from your Start menu, desktop or taskbar.
  2. Click Virus & threat protection.

  1. Click Scan history.
  2. Click See full history below Quarantined threats.

If any threats were quarantined during the scan, they will be shown there.

More resources

Be sure to have a look at our guide that covers the overall changes to Windows Defender Security Center, and also check out Senior Editor Zac Bowden's in-depth Creators Update review.

Cale Hunt
Cale Hunt
Contributor

Cale Hunt brings to Windows Central more than eight years of experience writing about laptops, PCs, accessories, games, and beyond. If it runs Windows or in some way complements the hardware, there’s a good chance he knows about it, has written about it, or is already busy testing it.