This guide explains how to launch Windows Defender Offline and use it to perform an offline virus scan on a computer running Windows 10.
Windows Defender Offline is a malware scanning tool that allows you to boot and run a scan from a trusted environment. The scan runs outside the regular Windows kernel, making it effective against threats that try to bypass Windows, such as viruses and rootkits that infect or overwrite the master boot record.
You can use Windows Defender Offline if you suspect your computer is infected with malware or if you want to ensure that your system is completely clean after a malware outbreak.
To run an offline scan with Windows Defender, you must be signed in with administrative privileges.
Windows Defender Offline uses the latest protection updates available on your device. However, it’s recommended to update the Defender antivirus definitions before starting the offline scan.
Before using Windows Defender Offline, save your work and close all programs. The offline scan takes about 15 minutes. After the scan is complete, your PC will automatically restart. Since the scan runs outside the standard Windows environment, the interface may look different from a regular Defender scan. Once the scan is finished, your computer will reboot and load Windows normally.
How to Run Windows Defender Offline via the Graphical Interface
To run Windows Defender Offline, open the Windows Security app and select Virus & threat protection.
Then, under Current threats, click on the Scan options link.
In the Scan options window, select Microsoft Defender Offline scan and click the Scan now button.
Next, in the Save your work window, click the Scan button.
After that, a warning message will appear:
You’re about to be signed out. Windows will shut down in less than a minute.
The computer will restart, and the Windows Defender Offline scan will begin. The scan will take about 15 minutes to complete.
The scan runs fully automatically and does not require any user interaction. Once the scan is finished, the computer will restart again.
How to run Windows Defender Offline in Windows PowerShell
You can start the offline scanning process in the Windows PowerShell console.
Open PowerShell as an administrator and run the following command:
Start-MpWDOScan
After that, a warning message will appear:
You’re about to be signed out. Windows will shut down in less than a minute.
Then the computer will restart, and the Windows Defender Offline scan will begin, which will take about 15 minutes to complete.
How to run Windows Defender Offline in Command Prompt
You can also start the offline scanning process using the Command Prompt.
Open Command Prompt as an administrator and run the following command:
wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start
You’re about to be signed out. Windows will shut down in less than a minute.
Then the computer will restart, and the offline scan will begin.
