Windows Defender offline

Microsoft recently released a version of Windows Defender that can be used to help restore operation of infected/compromised PCs. Please see the following article and obtain the latest version from http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline prior to trying the next OS reinstall.

http://www.infoworld.com/t/windows-security/windows-defender-offline-brings-systems-back-the-dead-191053

Windows Defender Offline brings systems back from the dead

Microsoft’s bootable security scanner has emerged from beta and deserves a permanent place in your Windows bag of tricks

Microsoft’s rootkit-busting scanner, Windows Defender Offline, has emerged from beta and now stands ready to unhose various and sundry clobbered systems.

As I explained last December during the beta phase, WDO can bring systems back from the dead. It can also scan for rootkits not picked up by programs running on Windows. With this final release, there’s a great new trick so that you don’t have to schlep a USB drive around to all of the PCs on your network.

WDO, like Microsoft Standalone System Sweeper before it, scans Windows XP (SP3), Vista (RTM, SP1, SP2), Windows 7 (RTM, SP1), or Windows 8 Developer or Consumer Preview. In the normal course of events, you create a CD or USB drive using WDO, then boot WDO from that CD or DVD. WDO boots into WinPE, scans for malware, and offers to remove anything menacing that’s discovered.

WDO uses signature files, which are updated daily. The definition files are stored with the program, so it’s important to run the latest version. If you have an older version of WDO on a USB drive, the WDO installer will only update the definition files. You can use any old Windows PC to create the CD or USB drive, but the “bittedness” of the download has to match the bittedness of the scanned PC.

Here’s the new trick: Jason Githens, on the Microsoft System Center Configuration Manager Team, has posted detailed instructions for using System Center 2012 Configuration Manager to run WDO unattended. It’s a great — and decidedly nontrivial — way to clean systems that trigger an “Offline Scan Required” message in System Center 2012 Endpoint Protection. You don’t need to haul a CD or USB drive to an infected machine in Timbuktu. You can do it in the comfort of your office, staring at a Configuration Manager OSD screen.

There’s a little bedside manner suggestion, offered by Jason: “You’ll get a warning pop-up that you are about to install a new operating system, which isn’t really the case, but that’s a standard pop-up for all deployments with a type of ‘Operating System.’ This is kind of a scary dialogue to end-users, and unfortunately there’s no way to control it. This is why working with end-user directly, or educating them on this process is critical (i.e. avoid panic attacks).”

WDO has a permanent place in my Windows bag of tricks. You should get it, too.

Tags:

Categories: Uncategorized