Windows Defender Offline is a tool that Microsoft provides to scan for and remove rootkits or nasty viruses that refuse to leave your computer.
This tool is called “Windows Defender Offline” because it is a standalone tool that can be run without starting Windows 10. The main reason is that when your device is infected with a rootkit or other high-end malware, it is challenging to remove them while Windows has been fully loaded.
Previously, you had to download an offline version of your antivirus to create bootable media. However, starting with Windows 10th anniversary update, the Settings app has a new option to run the antivirus offline without bootable media.
In this guide, you’ll learn the steps to use Windows Defender Offline from the Settings app to remove rootkits or viruses from a Windows 10 computer.
How to use Windows Defender Offline on Windows 10
1. Open Settings.
2. Click Update & security.
3. Click Windows Defender.
4. Scroll down and click the Scan Offline button to restart Windows 10 into Windows Defender.
When your computer boots into Windows Defender Offline, the scan will start automatically. If detecting a rootkit or virus, the anti-virus program will be removed automatically.
Windows Defender can run a scan with the latest definition, but you can always go to the Update tab to check for new updates.
Once the scan is complete, close Windows Defender by clicking “X” at the top right to reboot in normal mode.
Also, if you are unable to use the infected computer, you need to download the standalone version of Windows Defender Offline using the following links:
- Windows Defender Offline standalone 32-bit | Download
- Windows Defender Offline standalone 64-bit | Download
You will then need to create a bootable medium for your offline scan to eliminate any malware using Windows Defender.