Windows Defender Offline

[The Tech Professor]

Hello everyone,

Microsoft's bootable security scanner has emerged from beta and deserves a permanent place in your Windows bag of tricks: Check out how you can run WDO unattended - great stuff!

http://www.infoworld.com/t/windows-s...he-dead-191053

Best wishes,
The Tech Professor

[AlaDes]

I've used the beta a few times but have been wondering if there's a difference in it, the offline scanner in MSDart, and MSE. Does anyone know?

[Steve202]

I've used it a few times now and I'm pretty impressed with it.

[iisjman07]

Last time I tried to use the beta is threw up an error message when loading; is it all good now?

[PC Problems]

Last time I used it it, it was painfully slow and useless, I returned to Kaspersky Rescure disk which deleted rootkit in 30 seconds flat...

[ajc196]

It's always worked wonders for me. Additionally, they are small enough to cram both iso's (x86 and x64) onto one CD. Or, a USB if that's your thing. SARDU added support for it at some point a while back, and it will even let you update definitions right in SARDU. Just remember to rename the "WDO" in the iso's to "MSSS".

http://www.sarducd.it/downloads.html

http://windows.microsoft.com/en-US/w...fender-offline

[NYJimbo]

Just wanted to bump this because I am finding WDO to be quite helpful in tracking down stuff others cant. I know most techs know about MSSE but many new techs might not know about this bootable version.

http://windows.microsoft.com/en-US/w...fender-offline
(same link as above post)

Basically it is Microsoft Security Essentials, the look and feel is the same, the only difference is it doesnt install, it boots and runs on its own so you are getting MSSE without needing a bootable O/S on the infected machine. It will try to just run on boot up but you can cancel it and do an update.

Its weird because in the online info they say you should not reuse a WDO ISO because it doesnt have the latest updates, but you can update it so I am not sure if they just want to scare you into downloading the latest and not keep using the same one for months.

You download a tool, it then creates the ISO, DVD or USB. You can also burn the ISO with your own burner software if the WDO built in functions don't work for you. The output from the tool is the actual MSSE/WDO.

I should note that the current version seems to be based on Windows 8 as it has the new logo and colors. But it scans all modern versions of windows (XP, vista,7 and 8).

So far it has found lots of remnants on infected machines and even cleaned up a bad rootkit that nothing else would.

If you do download the MSSSTOOLxx.EXE I would recommend downloading it at least once a month, the EXE itself seems to be updated regularly so if you dont have any online access at a repair site you can get the latest for your tookit the morning before you go out and be very up to date.

[YeOldeStonecat]

I will say one thing......Microsofts detection has surprised me quite a few times.

All of us here have our favorite antivirus...and our favorite tools. While most of us won't agree on antivirus, most of us here will agree on cleaning/removal tools.

Some of you may be familiar with seeing Microsofts Malicious Software Removal Tool. It gets updated at some interval. But you could manually launch it....Start==> Run==> "MRT" without the quotes. And it will kick off the tool to run a manual scan. You want to do that after updating it.

Anyways...point I'm getting to, I've seen MRT, as well as MSE....find stuff on infected drives that other top notch products missed. I've scanned drives that were cleaned with Kaspersky and Eset and MalwareBytes and other stuff....and MRT/MSE has found a few legit files leftover.

So yeah...as "one more scan" by yet another product...."why not?" Only gives a more thorough test.

[ajc196]

If you haven't played with WDO lately, they have now made it Windows 8-based. So it's a bit quicker booting and faster scanning. Still works great with SARDU.

[ShinyTech]

Never knew that they even offered something like this. Ive used many different winPE and linux based boot programs to do removals but never even thought microsoft would develop something like this. ALready downloaded it and excited to try it out. Does anyone know if you install it to a flash drive if it will wipe the drive?