Run Microsoft Defender Offline Scan in Windows 11



This tutorial will show you how to manually run a Microsoft Defender Offline scan of your PC in Windows 10 and Windows 11.

Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).

You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak.


You must be signed in as an administrator to run a Microsoft Defender Offline scan.


Microsoft Defender Offline scan log files are stored as MPLog-YYYYMMDD-HHMMSS.log files in the C:\Windows\Microsoft Antimalware\Support folder.




Contents

  • Option One: Run Microsoft Defender Offline Scan from Command
  • Option Two: Run Microsoft Defender Offline Scan from Windows Security




Option One

Run Microsoft Defender Offline Scan from Command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Copy and paste the PowerShell Start-MpWDOScan command into Windows Terminal (Admin), and press Enter.

This will restart your computer. Be sure to save and close everything first.


3 Continue at step 6 in Option Two.




Option Two

Run Microsoft Defender Offline Scan from Windows Security


1 Open Windows Security.

2 Click/tap on Virus & threat protection.

3 Click/tap on the Scan options link under Current threats.

4 Select (dot) Microsoft Defender Offline scan, and click/tap on Scan now.

5 Click/tap on Scan to confirm.

This will restart your computer. Be sure to save and close everything first.

6 You will now see a message that You're about to be signed out to restart your computer in less than a minute to run the offline scan.

7 When your computer restarts, you will see Microsoft Defender Offline loading.

8 Microsoft Defender Offline will now perform a quick scan of your PC in the recovery environment.

9 When the offline scan has finished, your PC will automatically restart to Windows.


That's it,
Shawn Brink
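
To check what the offline scan recorded once Windows is back up, the following PowerShell script is an added example, not part of the original tutorial. It lists the MPLog files in the folder named above, flags empty ones, prints the end of the newest non-empty log, and cross-checks Defender's detection history. It assumes an elevated session and treats the timestamp in the file name as local time.

```powershell
# Added example: review Microsoft Defender Offline scan logs after the restart.
# Folder and file name pattern are the ones given in the tutorial; the variable
# names and the 40-line tail are illustrative choices.
$supportDir = 'C:\Windows\Microsoft Antimalware\Support'

# List every MPLog file, newest first, with the timestamp decoded from its name.
$logs = Get-ChildItem -Path $supportDir -Filter 'MPLog-*.log' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $stamp = $null
        if ($_.BaseName -match '^MPLog-(\d{8}-\d{6})$') {
            # Assumption: the name encodes local time as yyyyMMdd-HHmmss.
            $stamp = [datetime]::ParseExact($Matches[1], 'yyyyMMdd-HHmmss',
                [System.Globalization.CultureInfo]::InvariantCulture)
        }
        [pscustomobject]@{
            Name      = $_.Name
            Stamp     = $stamp
            SizeBytes = $_.Length
            FullName  = $_.FullName
        }
    } | Sort-Object Stamp -Descending

if (-not $logs) {
    Write-Warning "No MPLog-*.log files found in $supportDir"
}
else {
    $logs | Format-Table Name, Stamp, SizeBytes -AutoSize

    # A zero-byte file means nothing was recorded in it.
    $latest = $logs | Where-Object { $_.SizeBytes -gt 0 } | Select-Object -First 1
    if (-not $latest) {
        Write-Warning 'Every MPLog file in the folder is empty.'
    }
    else {
        Write-Host "Last 40 lines of $($latest.Name):"
        Get-Content -Path $latest.FullName -Tail 40

        # Cross-check against Defender's detection history since that timestamp.
        if ($latest.Stamp) {
            Get-MpThreatDetection |
                Where-Object { $_.InitialDetectionTime -ge $latest.Stamp } |
                Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources
        }
    }
}
```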


 

Where are the results stored? I looked in C:\Windows\Microsoft Antimalware\Support but only see these files with no content:
 

Hello Steve, :alien:

Normally, it would be the MPLog-YYYYMMDD-HHMMSS.log file that contains anything logged.

Did the offline scan successfully start and finish?
 

Yes, it scanned up to 100% offline then restarted the PC. It's not a user friendly function is it?
 


It would be better if it would wait for you to approve the restart after the scan has finished so one could review the results first.

I just tested an offline scan on build 25987 (Canary), and it populated the log file on my system.
 
