Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows Defender Offline

31 May 2011   #99
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 
Windows Defender Offline

How to Use Windows Defender Offline



My System SpecsSystem Spec
16 Oct 2011   #100
mjf

Windows 7x64 Home Premium SP1
 
 

I ran the DVD I made some months ago and when I selected download definitions I got the following error
Error 0x880072ee7
Server name or address could not be found.

I'm not sure what definitions to manually download.
Can you help?

Edit: Got it I think - download the latest mpam-fex64.exe

My System SpecsSystem Spec
05 Dec 2011   #101
barbarossa2241

windows 7 home premium 64bit
 
 

I did create a cd and it works perfect. Thanks Brink. Now, I am going to do my wife's laptop.
My System SpecsSystem Spec
05 Dec 2011   #102
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

You're most welcome Barbarossa. I'm happy to hear that it's working just fine for you.
My System SpecsSystem Spec
06 Dec 2011   #103
Corrine

Windows 7 & Windows Vista Ultimate
 
 

The Standalone System Sweeper has been renamed! See Windows Defender Offline Beta, formerly Standalone System Sweeper.
My System SpecsSystem Spec
.


06 Dec 2011   #104
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

Thank you Corrine.

It looks like it's time to redo the tutorial for the renamed Windows Defender Offline Tool now.
My System SpecsSystem Spec
12 Dec 2011   #105
Keith2468

Windows Home Premium 64-bit
 
 

Hi -

I've just been looking into Windows Defender Offline (WDO) and I have these updates I'd like to suggest for the Tutorial.

I did this research because, like many home users, I have a new Windows 7 64-bit machine and an old Windows XP SP3 machine. I wanted to be sure that Windows Defender Offline would work for me when the time comes.

I didn't read the 5 pages of comments, so this may be repeating some other suggestions. I just read the Tutorial, then the WDO FAQs and instructions, and then posted some questions to MS. So to the best of my ability, this is a summary of the updates needed to the Tutorial to bring it up to date.

1. The tutorial kind of implies the WDO boot media must be created on the computer that it will later be run on. That is not true, or at least no longer true. Note the repeated use of "same" at the top of Step Two:
"Insert or connect the same 32-bit or 64-bit Windows Defender Offline bootable CD/DVD or USB flash drive to the same 32-bit or 64-bit Windows computer that you want to scan with at boot."
I suggest a wording something like:
"Insert or connect a Windows Defender Offline bootable CD/DVD or USB flash drive into the computer that you want to scan. Be sure that the version of Windows Defender Offline is 32-bit or 64-bit, whatever the computer being scanned has installed."
"Has installed" or "normally uses".

Windows Defender Offline can create a bootable disk on Windows XP SP3 32-bit system that will run on Windows 7 64-bit system, and vice versa.

The creation and destination computers can run different versions of Windows, can be a mix of AMD and Intel processors, can have different make DVD or CD drives.

These scenarios are test cases that the WDO specs say it should pass.

So a good thing to do in advance preparation is to use your nice new Windows 7 64-bit computer to (1) create a bootable USB stick with the 64-bit version of WDO, and (2) create a bootable USB stick with the 32-bit verision of WDO for any 32 bit computer you have that can boot from USB.

If you have a 32 bit computer that gets infected, but its BIOS does not support booting from USB, use your Windows 7 64-bit computer to create a fresh bootable WDO 32-bit boot CD at the time of infection, when you need it.

2. The Tutorial states an internet connection as a requirement for the destination computer to run Windows Defender Offline. That is not true, or at least no longer true.

An internet connection is not required to run WDO, WDO is intended to run offline, hence the name.

An internet connection is required to update the malware definitions, but if the infected computer does not have internet access the updates can be done after booting the WDO memory USB memory stick on a second computer of the same 32-bit or 64-bit architecture.

If a second computer with the same 32-bit or 64-bit architecture is not available to boot the memory stick, of if the destination computer cannot boot from a USB device (common for older computers) one can create new fresh bootable CD by going to the WDO download page and then downloading and running the current bootable media creation program on an uninfected computer that is still connected to the internet.

So in the requirements at the top of the Tutorial, where it says:
The following additional requirements apply only to the computer infected by a virus or malware:
  • The computer infected with a virus or malware must have the same Windows operating system architecture as Windows Defender Offline Beta, either 32-bit or 64-bit.
  • Internet connection: Required for installation and download of the latest virus and spyware definitions for Windows Defender Offline.
  • Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.
  • In addition, BitLocker must be disabled to use Windows Defender Offline Beta.
  • If your computer has Data Execution Protection (DEP) turned on, you'll need to turn it off before booting your PC from the CD, DVD, or USB flash drive."
It should probably say something like:
The following requirements apply to the computer infected by a virus or malware:
  • The computer being scanned must run a supported version of Windows (Windows XP SP3, Windows Vista, or Windows 7).
  • The scanned computer does not have to run the same version of Windows as the computer that created the bootable media.
  • The computer infected with a virus or malware must have the same 32-bit or 64-bit architecture as Windows Defender Offline Beta, either 32-bit or 64-bit.
  • In addition, BitLocker must be disabled to use Windows Defender Offline Beta.
The following optional requirements maybe necessary:
  • Internet connection: Required to download the latest virus and spyware definitions for Windows Defender Offline, if another computer is not available to do this.
I'm not sure where the part about DEP requirement comes from. I can't find it now, but it may have been a requirement before. I tested WDO on a Windows 7 64-bit computer with DEP active and didn't get any error messages, which makes sense since the DEP is going to monitor what WDO is telling it to monitor and WDO is not going to tell DEP to not let it run.

Finally, Windows Defender runs from the bootable media. It doesn't use, know or care if you've got Internet Explorer, Firefox or Chrome installed on the destination computer. You need a web browser on the creation computer so you can do the download, but the programs WDO needs on the destination computer are all contained on the bootable media.

- Keith
My System SpecsSystem Spec
12 Dec 2011   #106
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

Hello Keith, and welcome to Seven Forums.

I've updated the tutorial to help make it clearer.

I read it somewhere on the Microsoft site about DEP, but I can no longer find it either so I removed it.
My System SpecsSystem Spec
08 Jan 2012   #107
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Shawn,
Where have I gone astray?

The only log file being generated is:
C:\Windows\Windows Defender Offline\Support\msssWrapper.log

Under the standalone system sweeper, I had dated log files.

What have I done wrong?

Win 7 Ultimate X64 Sp1 on laptop and got same result for both my system partition and for my data partition (two separate runs).
My System SpecsSystem Spec
08 Jan 2012   #108
Brink
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 

Hello Karl,

Looks like a beta bug.
My System SpecsSystem Spec
08 Jan 2012   #109
SIW2

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

It is extremely complicated .

No idea why MS is doing it that way.

I have a copy of Esetsmartinstaller on my boot media.

The app. is 32 bit coded - so chuck it into any type of 32 bit pe , bartpe , pe2, pe3, pe4 doesn't matter - it just works.

It will scan any windows o/s you have installed - 32 or 64 bit doesn't matter.

That is all . It is only 2mb.

It is free.

You can give it a go if you like.

ESETSmartInstaller.zip

If you have made the 32 MS bootable usb - just chuck esetsmartinstaller on there - anywhere you like - windows\system32 is probably easiest to point at.

You need to point at it in some way.

Here's a very simple way to do that:

Change the Windows\System32\winpeshl.ini to start command prompt instead of the MS scanner.

Type esestsmartinstaller at cmd prompt and off it goes.

Change winpeshl.ini

From

Code:
[LaunchApp] 
AppPath = "%ProgramFiles%\OfflineScannerShell\OfflineScannerShell.exe"
To

Code:
[LaunchApps] 
wpeinit
cmd.exe
Because you have now launched cmd as the shell - you can of course use it to fire up The MS scanner instead - just type the path to it , or start notepad, or regedit, or anything else you have in there.


My System SpecsSystem Spec
Comment

 Windows Defender Offline




Tutorial Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:19 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33