Noteīefore running an offline scan, you should attempt to update the definitions on the endpoint. Depending on your setup, this is usually though Microsoft Update or through the Microsoft Malware Protection Center.

Windows Defender Offline uses the most up-to-date signature definitions available on the endpoint it's updated whenever Windows Defender is updated with new signature definitions. To run Windows Defender Offline from the endpoint, the user must be logged in with administrator privileges. Windows Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units. Windows Defender Offline in Windows 10 has the same hardware requirements as Windows 10.įor more information about Windows 10 requirements, see the following topics: In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media. In Windows 10, Windows Defender Offline can be run with one click directly from the Windows Defender client.

The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). ( Iaan Microsoft) Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment.