New Windows Defender beta can run outside of Windows

Microsoft's Windows Defender anti-virus tool is getting a new beta version that will allow people with Windows-based PCs to use the software without actually booting up the operating system. The new Windows Defender Offline beta can now be downloaded at Microsoft's web site. The idea is to go after malware and other viruses that can infect Windows during the boot process.

Once users download the Windows Defender Offline beta, they can install it on either a CD/DVD or a USB flash drive. They can then run the program from the disc or flash drive when the PC boots up to look for any malware threats during the boot process; if any are found, the software can remove them. You can even ask for different types of virus scans: a full scan, a quick scan, or a custom scan. The software comes in 32-bit or 64-bit versions and can also be updated with the latest virus definitions. There's also an FAQ page for any other questions about the new Windows Defender.

Microsoft already has plans for even more sophisticated anti-virus defenses for the upcoming Windows 8 operating system. It's possible this new Windows Defender beta is a small preview of Microsoft's plans for Windows 8.

37 Comments

Curious question: Isn't Microsoft worried about getting sued by AV companies who might argue monopoly and 'tying' of a product? I thought there was something about Symantec or one of them trying to make some case about that, which is why I thought the consensus before was that MS couldn't bundle anti-malware software because of the whole monopoly thing.

Microsoft really has confused people with the naming conventions over the years. Basically Microsoft produces an anti-malware engine and a set of signatures then packages those into various products. So Windows Defender, the Malicious Software Removal Tool, Microsoft Security Essentials, Microsoft Safety Scanner, and all the Forefront Protection offerings use this same engine and signature set. When Microsoft first decided to get into the Anti-Malware business years ago the Anti-Virus and Anti-Spyware categories were separate, so for both business and other reasons they took the new Anti-Malware engine and only the subset of signatures that were considered Anti-Spyware and packaged it up as Windows Defender. This was available both as a download (for Windows XP) and as part of Windows Vista and Windows 7. Since then the Anti-Virus and Anti-Spyware categories have merged into the broader Anti-Malware category, making Windows Defender not only a rather odd offering but a rather ineffective one. It protects against very few of today's threats. To correct that situation in Windows 8 Defender will gain the full Anti-Malware signature set. This makes it very close to being the same as Microsoft Security Essentials, though it probably contains some new Windows 8-only capabilities (e.g., protecting the boot path, perhaps hooking WinRT APIs, etc.) and drops things that don't apply. That leaves one gap in Microsoft's protection offerings that it is now filling, an Anti-Malware "Rescue Disk". For example, I use Bitdefender's Rescue Disk to perform an offline scan of any machine I suspect might have picked up a Rootkit or other malware that can hide from "online" Anti-Malware software. Now I will be able to use Windows Defender Offline instead.

Hal
http://hal2020

Excellent explanation. MS should still rename Defender in 8, though. Maybe Defender Plus or something so people at least don't try to install another av for nothing. lol

Haha, fair play everyone, I didn't read it. However what I meant mainly was why do this for Windows Defender, and not Microsoft Security Essentials. As I was under the impression that MSE superseded.

P.S, MSE doesn't work on Server 2003

Dan~ said,
Haha, fair play everyone, I didn't read it. However what I meant mainly was why do this for Windows Defender, and not Microsoft Security Essentials. As I was under the impression that MSE superseded.

P.S, MSE doesn't work on Server 2003


Going forward, Windows Defender IS Security Essentials. Everything about MSE is being rolled into Defender as one unified security solution. Offline beta will work with existing MSE-branded versions.

Anyone know if this is set to replace the Standalone System Sweeper which has been Beta and uses the MSE engine, sigs, etc?
Both are bootable AVs

Riggers said,
Anyone know if this is set to replace the Standalone System Sweeper which has been Beta and uses the MSE engine, sigs, etc?
Both are bootable AVs

I'm wondering that also. Surprised that isn't the main question everyone is asking.

Riggers said,
Anyone know if this is set to replace the Standalone System Sweeper which has been Beta and uses the MSE engine, sigs, etc?
Both are bootable AVs

Sounds like it's the same thing but just re-branding it using an already known name behind it. The filename is even the same, mssstool32.exe.

Edited by statm1, Dec 8 2011, 8:24pm :

Riggers said,
Anyone know if this is set to replace the Standalone System Sweeper which has been Beta and uses the MSE engine, sigs, etc?
Both are bootable AVs

YES they are the same name when you try and download them, however this defender is the code from W8 Dev.

This works well so far. I've been scanning PCs all morning. I've run into a lot of times running MSE on a Windows XP system where no infections are reported or found. However, we'll reload the system with W7 and find 7+ infections in the Windows.old/OLD XP Install.

Running Defender Offline will solve having to reload the system to find the bugs. This will also help with boot record infections.

This Defender offline DOES NOT WORK to scan Windows 2003 R2, I've yet to try Windows 2008R2 but I'm sure IT WILL NOT WORK. I was hoping for an offline Server scanner.

This is a good solution. I reload 2-4 systems a week due to infections that MSE or others can't stop or clean. Using a USB drive allows you to update the DEF files when needed without creating a new CD/DVD each time.

Jbenisek said,
This is a good solution. I reload 2-4 systems a week due to infections that MSE or others can't stop or clean. Using a USB drive allows you to update the DEF files when needed without creating a new CD/DVD each time.

I have two small thumbdrives that I use with this, one is 32-bit the other 64-bit. I update the sig files every 2-3 days on them. Comes in handy.

Awesome! Is this capability unique? Or are there other antivirus utilities that let you do this? I know you can use a Linux (or BartPE) live-CD to do a virus scan, but this sounds much simpler.

whitebread said,
Awesome! Is this capability unique? Or are there other antivirus utilities that let you do this? I know you can use a Linux (or BartPE) live-CD to do a virus scan, but this sounds much simpler.

Every major AV vendor has had boot-/offline-only capability in their products for years. MS is just playing catch-up as usual.

alpha_omega said,

Every major AV vendor has had boot-/offline-only capability in their products for years. MS is just playing catch-up as usual.

As usual? LOL, haters gonna hate.

alpha_omega said,

Every major AV vendor has had boot-/offline-only capability in their products for years. MS is just playing catch-up as usual.

Most major vendors do, but few do it well, especially with newer versions of Windows. I've dealt with infected systems before, and those offline scanners are a chore, and one by itself is hardly even powerful enough to fix "grandma's PC".

The ONLY boot CD I felt came close to a dependable offline solution was (and this took me completely by surprise) Norton 2011, which took advantage of Windows Vista's/7's own system files to build a unique boot disc for your system. I don't know if any other competing products use the same technique, but I can at least be sure of one thing:

Defender's offline mode has the potential for the MOST refined access to your system, in a way competing solutions simply can't ever have.

briangw said,
Anti-virus???? I thought Defender was anti-malware....

Windows Defender is replacing MSE in Windows 8 (It's still MSE though), so I assume this is just an offline version of that.

Panda X said,

Windows Defender is replacing MSE in Windows 8 (It's still MSE though), so I assume this is just an offline version of that.


Do you have any source for that?

Windows Defender has been here since Vista, and MSE disables Defender when you install it.

Anthonyd said,

Do you have any source for that?

Windows Defender has been here since Vista, and MSE disables Defender when you install it.

It's been said by MS that the version of Defender that will come with Windows 8 WILL be anti-virus as well and not just malware like before. What's going on is that they're taking MSE and just putting it into Windows 8 but calling it Defender, which I agree with, I think the name Windows Defender is better than MSE in the end.

Anthonyd said,

Do you have any source for that?

Right here. It already exists in the developer preview http://i.imgur.com/pMUdo.jpg (And does in fact run the same engine as the "new" MSE beta that came out within the last week or two)

It's amazing they've been able to reduce Windows' RAM usage by nearly 100MB, whilst still including the MSE engine as part of the OS which runs at nearly 60-70MB.

~Johnny said,

Right here. It already exists in the developer preview http://i.imgur.com/pMUdo.jpg (And does in fact run the same engine as the "new" MSE beta that came out within the last week or two)

It's amazing they've been able to reduce Windows' RAM usage by nearly 100MB, whilst still including the MSE engine as part of the OS which runs at nearly 60-70MB.


Thanks.

What's the point when Microsoft Security Essentials exists?

Or does Windows Defender still work on Server OS'?

Dan~ said,
What's the point when Microsoft Security Essentials exists?

Or does Windows Defender still work on Server OS'?

In Windows 8, MSE is built into / branded as Windows Defender - i.e., it's part of the OS, and branded as Windows Defender. In fact, the recent MSE Beta is actually just a rebranded version of Windows 8's Windows Defender (same engine versions)

This special offline Defender / MSE version is a bootable CD, that lets you scan without Windows being run at all - therefore making it easier to detect and remove the more advanced rootkits and viruses.

Dan~ said,
What's the point when Microsoft Security Essentials exists?

Or does Windows Defender still work on Server OS'?

Microsoft Security Essentials will run on a Server OS. Installed and running it just fine on Server 2008 R2, no hacks or adjustments needed.

alpha_omega said,

At least read the article before commenting on it...

Yeah some people just don't read... or they read but can't comprehend.

yardmanflex said,

Yeah some people just don't read... or they read but can't comprehend.


No harm asking I say, it doesn't take much to answer also.

chadlachlanross said,

Microsoft Security Essentials will run on a Server OS. Installed and running it just fine on Server 2008 R2, no hacks or adjustments needed.

Except for Windows Home Server 2011.

Pegus said,

Except for Windows Home Server 2011.

Good to know, I didn't know it was out yet... but then again haven't found much use for WHS since playing around with the original when it came out.

~Johnny said,

In Windows 8, MSE is built into / branded as Windows Defender - i.e., it's part of the OS, and branded as Windows Defender. In fact, the recent MSE Beta is actually just a rebranded version of Windows 8's Windows Defender (same engine versions).

Which in turn is a rebranded version of the Forefront Endpoint product

ZEROarmy said,
Which in turn is a rebranded version of the Forefront Endpoint product

Which in turn is about to be rebranded System Center Endpoint Protection...

alpha_omega said,
At least read the article before commenting on it...

Actually, the article doesn't explain the difference between Windows Defender and Microsoft Security Essentials, so the question was perfectly valid. In fact I was interested to know the exact same thing.

Rather than having a go at other people, how about trying to help them?