Aug 20, 2015

How does Windows Defender Offline work?

How is Windows Defender Offline different from “normal” Windows Defender? What does it do differently and how is it activated?
Windows Defender Offline is a bootable standalone app, which lets you run it on your computer without loading or disturbing malware files that might otherwise affect the integrity of the removal tool. To use it, you boot from the Windows Defender Offline CD/USB you created (recommended to do on a non-infected machine), and run a scan.
Here’s how Microsoft describes it: “The primary benefit of using this tool is that it runs before malware, such as rootkits, can hide. When you perform a post-event malware scan and remediation by running the scan on a system infected with advanced low-level malware, the malware has a chance to run first. The malware itself may be intercepting the antimalware software’s attempts to inspect, take actions, or communicate to the user. When you run an “offline” tool like Windows Defender Offline, you’re bringing your own known-good, clean operating environment with you along with the scanner. You are booting the computer from that clean operating environment, and then running the scanner and inspecting the potentially compromised hard disk’s operating system, programs and data. As such, there’s integrity in the system during the “offline” scan. Malware that’s deeply rooted in the operating system won’t have the opportunity to run and hide before the scanner starts. The malware exists on the disk where it can be found and mitigated but is not actually running, so it’s inhibited from being able to intercept and interfere with the scanner’s activities.”
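The procedure the answer describes, as an added example that is not part of the original post: on Windows 10 and later the Defender PowerShell module ships a `Start-MpWDOScan` cmdlet that reboots the machine into the Windows Defender Offline environment, so the "boot clean, then scan the dormant disk" workflow can be driven from an elevated session instead of hand-built media. The function and variable names below (`Invoke-OfflineDefenderScan`, `Get-DefenderScanEvents`, `Assert-Elevated`) are my own; the cmdlets and event IDs are Defender's, but whether the offline scan's own detections are written to the Operational log on your build is an assumption to verify.

```powershell
# Added example, not code from the original answer. Assumes a Windows 10 or
# later host whose Defender module provides Start-MpWDOScan. Run elevated.

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated PowerShell session."
    }
}

function Invoke-OfflineDefenderScan {
    Assert-Elevated
    if (-not (Get-Command Start-MpWDOScan -ErrorAction SilentlyContinue)) {
        throw "Start-MpWDOScan not available; boot from separately built WDO media instead."
    }
    $status = Get-MpComputerStatus
    # An offline scan with stale signatures defeats the point; refresh first.
    if ($status.AntivirusSignatureAge -gt 1) {
        Update-MpSignature
        $status = Get-MpComputerStatus
    }
    Write-Host "Signature version: $($status.AntivirusSignatureVersion)"
    Write-Host "Rebooting into Windows Defender Offline; save open work first."
    # Reboots the machine; the scan runs before the installed OS (and any
    # resident malware) is loaded, then Windows boots normally.
    Start-MpWDOScan
}

function Get-DefenderScanEvents {
    # Run after the machine comes back: pull recent scan/detection events.
    # 1001 = scan completed, 1116 = malware detected, 1117 = action taken.
    param([datetime]$Since = (Get-Date).AddHours(-2))
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1001, 1116, 1117
        StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Message'; e = { $_.Message -replace "`r`n", ' ' } }
}
```

`Invoke-OfflineDefenderScan` reboots the host, so run `Get-DefenderScanEvents` in a fresh session afterwards. Note the trade-off: `Start-MpWDOScan` boots the scanner from the local machine rather than from media you prepared elsewhere, so if the host is already suspect, the answer's recommendation to build the CD/USB on a known-clean machine still applies.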