This tutorial will show you how to manually run a Microsoft Defender Offline scan of your PC in Windows 10 and Windows 11.
Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak.
You must be signed in as an administrator to run a Microsoft Defender Offline scan.
Microsoft Defender Offline Scan log files are stored as a MPLog-YYYYMMDD-HHMMSS.log file located in the C:\Windows\Microsoft Antimalware\Support folder.
Contents
- Option One: Run Microsoft Defender Offline Scan from Command
- Option Two: Run Microsoft Defender Offline Scan from Windows Security
1 Open Windows Terminal (Admin). and select either Windows PowerShell or Command Prompt.
2 Copy and paste the
PowerShell Start-MpWDOScan
command into Windows Terminal (Admin), and press Enter. (see screenshot below)This will restart your computer, be sure to save and close everything first.
3 Continue at step 6 in Option Two.
1 Open Windows Security.
2 Click/tap on Virus & threat protection. (see screenshot below)
3 Click/tap on the Scan options link under Current threats. (see screenshot below)
4 Select (dot) Microsoft Defender Offline scan, and click/tap on Scan now. (see screenshot below)
5 Click/tap on Scan to confirm. (see screenshot below)
This will restart your computer, be sure to save and close everything first.
6 You will now see a message that You're about to be signed out to restart your computer in less than a minute to run the offline scan. (see screenshot below)
7 When your computer restarts, you will see Microsoft Defender Offline loading. (see screenshot below)
8 Microsoft Defender Offline will now perform a quick scan of your PC in the recovery environment. (see screenshot below)
9 When the offline scan has finished, your PC will automatically restart to Windows.
That's it,
Shawn Brink
Last edited: