Ive read that Windows Defender doesn't automatically scan any attached removable drives such as USB flash drives when a Full Scan is performed.
If that's correct. Lets say that you insert a USB flash drive that has somehow become unknowingly infected with malware. How does Windows Defender detect it and keep it from infecting your PC if it doesn't scan this flash drive immediately when it is inserted into a USB port on the PC?
Note:
If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives.
Configure Windows Defender Antivirus scanning options
You can set a group policy that allows you to manage whether or not Windows Defender scans for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
Removable drives can always be scanned during a quick scan and custom scan.
Enable Windows Defender Scan Removable Drives in Windows 10
Thanks for providing the links. I don't want to start making Group Policy changes etc. I prefer to leave those things well alone at their default settings. If I want to manually scan a USB flash drive I right click on the drive and select Scan with Windows Defender from the context menu. Ive never used the Custom Scan option and I never do manual quick scans either because Defender does automated quick scans itself. I perform a once weekly manual Full Scan.
I always have Real Time Protection turned on which seems to mean, judging by those links you show, that when a USB flash drive is inserted into a USB port that Windows Defender will automatically scan the drive for malware. Have I got that right?
I'd be interested to know how others use Windows Defender to protect their PC when real time protection is on 24/7 as in my case. When you have Real Time Protection turned on does that mean that all Removable Drives are automatically protected?
Last edited by sportsfan148; 08 Sep 2019 at 13:53.
No, You have the answer above:
files are scanned before they are accessed and executed
meaning, when you open that folder, files will be scanned (assuming default system options are set - no indexing of removable drives etc..)
Edit:
I'll leave that written above, to remind me about read more careful. WD will scan content, if real time is enabled...
:end
If you want to change that, set appropriate options, like shown in Tutorials posted in previous post.
There is an app to set all the options in Windows defender via graphical interface, but non experienced user could get into some problems.
It is called ConfigureDefender.
Last edited by AndreTen; 08 Sep 2019 at 17:11.
So in the case of a USB flash drive. If files are scanned before they are accessed and executed then you wouldn't know it had malware until you came to use the flash drive.
Lets say the flash drive was your bootable Windows 10 installation media that you had created several months before. If you were going to now use it for a clean installation and it had somehow got infected with malware you wouldn't know until after the installation..unless you manually scanned the flash drive before using it
Without any special options.. any file would be scanned in the process of reading from original and writing.
USB is also scanned in the moment of connection, but only the structure and files that are accessed (drive structure table and any files that are processed...
If files would be altered after that, I'm not sure, but guess you're right.
Admit, you got me to talk about things I'm not precisely familiar about.. There are some experts here..
WD scans the whole of any connected drive if you leave it connected long enough.
You can see this for yourself if your connected drive has an activity light. Connect it, do whatever job you wanted to do, leave it connected afterwards. The activity light will start blinking after a short period.
Denis
I have to correct myself. (Thanks Denis...) . this is where you get if trust third person Quotes (in second post)
WD documentation says:
But, I have this option enabled... default should be Disabled:If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives.
Scan removable drives during full scans only Scan > Scan removable drives Disabled -DisableRemovableDriveScanning
Quote