@Cliff S
Just FYI. Apparently this is still available. Doesn't answer your issue, I know, but might prove/disprove if it will run at all!
https://support.microsoft.com/en-us/...-protect-my-pc
Thanks, I just wanted to try it in a "real world" situation I was in yesterday. My main way of recouping my system from an attack is Macrium, with an external disk image that stays disconnected until I've run complete Defender, AdwCleaner, MBAM, and MRT scans on all four internal disks, and then I'm ready to create an image.
Caution / Warning: Windows Defender Offline (WDO) blue screen boot loop
For those using Windows 10 version 1607.
Windows Defender Offline was first integrated into Windows 10 beginning with the Anniversary version 1607.
A WDO blue screen boot loop can be an unexpected outcome if you use Windows Driver Verifier.
How to reproduce the WDO blue screen boot loop with windows 10 version 1607:
1) start with a clean install of windows 10 version 1607 using windows 10 iso: Download Windows 10
2) type verifier in search
3) move dot from create standard settings to create custom settings (for code developers)
4) for select individual settings from this full list check all boxes except Randomized low resources simulation and DDI compliance checking, and DDI compliance checking (additional)
5) click next
6) move dot from automatically select unsigned drivers to select drive names from a list
7) click next
8) click on column heading Provider so that it sorts the providers
9) check all non-Microsoft drivers (on a recent clean install for my notebook there were approximately 17)
10) click finish
run driver verifier until it produces a blue screen
typically one occurs immediately with stop code driver verifier detected violation
11) power off and power on to go to windows troubleshooting menu
12) choose start up options
13) select choice number 6: safe mode with command prompt
14) type verifier /reset
15) reboot and return to the desktop
16) open windows defender and click on setting in the right upper corner
17) in the pop up scroll towards the bottom and click on scan offline
18) reboot
19) observe the WDO load
20) observe the WDO quick scan
21) reboot to desktop
22) so far you have run Windows Driver Verifier once and produced a blue screen, and have run WDO and returned to the desktop. Now you must prepare for the WDO blue screen boot loop. Any and all important files should be backed up. Any diagnostic or research work should be done at this time, as the next step will lead to the WDO blue screen boot loop.
23) run Windows driver verifier a second time
24) now you are in a WDO blue screen boot loop
25) if you try to exit this blue screen boot loop all boots lead to another WDO load and then WDO quick scan.
26) it was not possible to get to safe mode with command prompt to turn off windows driver verifier
27) using a windows 10 bootable iso for windows troubleshooting unfortunately is missing the startup options menu so you cannot get to safe mode with command prompt.
28) a reset with save files may indicate the drive where windows is located is locked. Please unlock the drive and try again.
29) a reset with remove all files may indicate that there is a missing partition.
30) Windows 10 version 1607 will soon become an old version. The Windows 10 Creators Update is rolling out this month (April 2017). At this point it is unknown whether this incompatibility problem will persist or whether it has been corrected.
If anyone already has a copy of the new version, please check, if you can, whether there is still an incompatibility problem with the two Windows software products.
I am sorry if my post is not relevant.
I used Macrium for over a decade with no issues.
I had a problem with WDO when I first tried it. I recovered with Macrium and since then it runs every time. This is likely not applicable to your post which is too complicated for me but I saw the 2 red flag words and wanted to comment on them.
Yesterday, 4/5/2017, I upgraded one of my computers from Windows 10 Professional version 1607 to Windows 10 version 1703 (OS Build 15063.13).
The WDO blue screen boot loop was tested using windows driver verifier.
The WDO blue screen boot loop will soon become history as the new version 1703 did not produce a WDO blue screen boot loop.
Hi Shawn!
I just finally found out what my problem was on my desktop, why I couldn't run an offline scan.
While in the Feedback Hub, upvoting and commenting (me too!), I came across this one: Feedback Hub - Windows Insider
And the response from Microsoft was TOTALLY helpful when one understands it (and is pretty advanced, and has a black belt in searching):
Well, I did a search to find out how to find, repair or replace WinRE, and found this: TeraByte Unlimited Knowledge Base
Thank you for providing this feedback. The reason Windows Defender Offline is not working in this case is due to the WinRE (Windows Recovery Environment (Windows RE) | Microsoft Docs) environment getting corrupted (to run the offline scan the Operating system boots into WinRE). To get WDO to work again you must recover the WinRE environment for your specific Operating system version.
We need your help to understand more about how WinRE got corrupted and we would greatly appreciate getting new logs. (from users in Windows Insiders Program, builds 16262 or higher)
Here are the steps: (Creators' Update version and greater)
- locate this feedback item in Feedback Hub (go to My Feedback)
- select "Add Feedback Details" in Feedback Hub and follow "Recreate the problem" instructions
- select type of problem "Windows Defender Antivirus (Default)"
- press "Start Capture",
- repro the problem (exact repro steps would be extremely helpful)
- press "End Capture" and
- upload the logs.
Thank you!
First following the instructions, I found out I had no WinRE file in C:\Windows\System32\Recovery.
So I needed to find, or in my case create one.
I tried the tut at that site, but couldn't get it to work (tutorial wasn't that good), but I remembered that @Kari either just made one or updated it: Convert ESD file to WIM using DISM in Windows 10 Tutorials
He, like you, writes excellent step x step for dummies tutorials,
and I was able to change my Install ESD to WIM,
then open it in 7Zip,
and pull out the Winre from the Install.wim by going to D:\ISO_Files\sources\install.wim\Windows\System32\Recovery\
and copying it to my downloads folder (desktop is ok too) as you cannot copy to C:\Windows\System32\Recovery inside of 7Zip (a permissions issue for the root folder),
then I copied it to the recovery folder.
I then needed to run reagentc /enable to activate it.
After that, I was able to run the offline scan.
I hope you or Kari can make a tutorial on this, as I am sure it has other reasons to be done.
I just wonder why mine was missing.
Also, after the offline scan, while looking for it again (the WinRE), it was gone from the recovery folder again.
So I am keeping my copy tucked away for now, should I need it again.
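The repair described in the post above (put a Winre.wim back in C:\Windows\System32\Recovery, then run reagentc /enable), as an added PowerShell example that is not part of the original thread. `$SavedWim` is a hypothetical path to your own extracted copy, and the parsing assumes English-language `reagentc /info` output.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: $SavedWim is a hypothetical path to a Winre.wim you extracted
# from the install.wim of the same Windows build that is installed.
$SavedWim    = Join-Path $env:USERPROFILE 'Downloads\Winre.wim'
$RecoveryDir = Join-Path $env:SystemRoot 'System32\Recovery'
$TargetWim   = Join-Path $RecoveryDir 'Winre.wim'

function Get-WinREState {
    # Assumption: English-language "reagentc /info" output.
    $info = (& reagentc.exe /info 2>&1 | Out-String)
    $status = 'Unknown'; $location = ''
    if ($info -match 'Windows RE status:[ \t]+(\w+)') { $status = $Matches[1] }
    if ($info -match 'Windows RE location:[ \t]*(\S[^\r\n]*)') { $location = $Matches[1].Trim() }
    [pscustomobject]@{ Status = $status; Location = $location }
}

$state = Get-WinREState
Write-Host "Before: status=$($state.Status) location=$($state.Location)"

if ($state.Status -eq 'Enabled') {
    # While WinRE is enabled, reagentc keeps Winre.wim at the location printed
    # above, not in System32\Recovery, so an empty Recovery folder is expected.
    Write-Host 'WinRE is already enabled; nothing to repair.'
}
else {
    if (-not (Test-Path -LiteralPath $TargetWim)) {
        if (-not (Test-Path -LiteralPath $SavedWim)) {
            throw "No Winre.wim in $RecoveryDir and no saved copy at $SavedWim"
        }
        # Record the hash so the restored image can be compared with the source later.
        $hash = (Get-FileHash -LiteralPath $SavedWim -Algorithm SHA256).Hash
        Write-Host "Restoring Winre.wim (SHA256 $hash)"
        Copy-Item -LiteralPath $SavedWim -Destination $TargetWim -Force
    }
    & reagentc.exe /enable
    if ($LASTEXITCODE -ne 0) { throw "reagentc /enable failed with exit code $LASTEXITCODE" }

    $state = Get-WinREState
    Write-Host "After: status=$($state.Status) location=$($state.Location)"
    if ($state.Status -ne 'Enabled') { throw 'WinRE is still not enabled; the offline scan will not start.' }
}
```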
Thanks Cliff, I was able to run one but not sure if it completed. My PC restarted and it started to scan but it did not take 15 minutes.