How to Scan a File or Folder for Malware with Microsoft Defender on Windows 10

By Stella | Follow | Last Updated November 24, 2020

Summary:

Microsoft Defender is the anti-malware utility built into Windows. When a new file is added to your computer, it can scan the file for malware and warn you if it finds threats. You can also make Microsoft Defender scan a file or folder on demand if you suspect it contains threats. MiniTool Software will show you how to do this right now.

Do You Want to Scan a File or Folder for Malware with Microsoft Defender?

Microsoft Defender, which was known as Windows Defender before the Windows 10 May 2020 Update, or Windows Defender Antivirus in the Windows 10 Creators Update and later, is a Windows built-in anti-malware tool.

When you open a file on your computer, this tool scans it for malware and reports to you if it finds threats. You can also scan a file or folder for malware with Microsoft Defender on your own initiative when you suspect that a certain file or files contain threats.

But do you know how to make Microsoft Defender scan a file or folder for malware? It is very easy to do. We will show you a guide in the following part.

How to Scan a File or Folder with Microsoft Defender?

You can follow these steps to make Microsoft Defender scan a folder or file when necessary:

1. Find the file or folder you want to scan for malware.

2. Right-click on the target file or folder and then select Scan with Microsoft Defender from the context menu. If you are using a Windows 10 version that is prior to the May 2020 Update, this option will be shown as Scan with Windows Defender.

3. This tool will pop up and begin to scan the selected item. The whole process should end quickly. If there is no malware, you will see the following interface saying No current threats.

However, if it detects a threat in the selected item, Microsoft Defender will show you an alert message saying Threats Found. Start the recommended actions and it will show you the file or files that have been infected. Then, you need to remove the found threats. To do this, click the Start actions button to continue.

4. Microsoft Defender will automatically delete the threats found from your computer. After that, your computer should be safe.

5. If you want to find more information on the threats that have been removed, you can click the Protection History line to view the latest protection actions and recommendations from Windows Security.

What If Microsoft Defender Deleted My Files by Mistake?

In rare cases, Microsoft Defender may delete your important files unexpectedly. To get them back, you can use this free data recovery software: MiniTool Power Data Recovery.

This program is specially designed to rescue your lost and deleted files that are not overwritten by new data. With the trial edition of this software, you can scan the drive you want to recover data from and then check whether this software can find the files you want to restore.

This article shows you the details on how to use this software to recover the files that are removed by Microsoft Defender: [SOLVED] Windows Defender Deleted Files, How To Get Back Easily.

Bottom Line

Now you should know how to make Microsoft Defender scan a suspected file or folder and use it to remove the threats that it finds. You also have a useful file recovery tool that can rescue your lost and deleted important files. Should you have any related issues, you can let us know in the comments.

ABOUT THE AUTHOR

Position: Columnist

Stella has been working in MiniTool Software as an English Editor for more than 4 years. Her articles mainly cover the fields of data recovery including storage media data recovery and phone data recovery, YouTube videos download, partition management, and video conversions.

MsEdge.exe is the process related to Microsoft Edge. Microsoft Edge, as you may already know, is the default browser that comes preinstalled with Windows. So, if you are on Windows 10 or Windows 11, you will see the process running on your computer. If it is so common, why are we even discussing it? According to a lot of users, msedge.exe is consuming a lot of their CPU and disk resources. If you are one of them, then maybe the process on your system is not genuine and is instead a virus. To learn what msedge.exe is and whether it is safe for your system, you should read the entire article.

What is MsEdge.exe?

MsEdge is an abbreviation of Microsoft Edge, and EXE means executable file. Every application on your system has an executable file, which is launched when you open the app. So, you will see the process in question while running Microsoft Edge and sometimes even after closing it. And if you open too many tabs in the browser, you will see a surge in its resource consumption.

Is MsEdge.exe legit?

MsEdge.exe is a genuine process; it is safe, and there is no need to worry if you see it running. But a virus or malware can masquerade as a genuine process. To know whether the process running on your system is genuine or not, we need to check its location.

To do that, open Task Manager, go to the Details tab, look for msedge.exe, right-click on it, and select Open File Location. You will be taken to a location in File Explorer, where you will see the msedge.exe file.

If you are still suspicious, you can right-click on msedge.exe from File Explorer and then select Scan with Defender. This will scan the file and give you the result.

If scanning finds nothing but you still have good reason to suspect that there are viruses on your system, you can try using your antivirus to scan the system. If you don’t have an antivirus, follow the given steps to use Windows Defender to scan your system on Windows 11/10.

  1. Search for “Windows Security” from the Start Menu.
  2. Go to Virus & threat protection > Scan options.
  3. Select Microsoft Defender Offline scan and click Scan now.

Let it run, and hopefully, it will resolve the issue for you.

Where is Msedge.exe located?

Msedge.exe is the executable file of Microsoft Edge, and it is located where Edge is installed. The following is the location of the Edge browser, where you will find msedge.exe.

C:\Program Files (x86)\Microsoft\Edge\Application

So, in conclusion, the msedge.exe process is the legitimate Edge process if it is located in the above folder; otherwise it could be malware.

Msedge.exe high Disk or CPU usage

If the msedge.exe process is continuously causing high CPU or disk usage, you may need to check your Edge add-ons. If need be, clear the Edge browsing cache and check again. If nothing helps, resetting Edge is sure to help you.

What is msedge.exe.exe and how do I remove it?

Some users are complaining that Microsoft Defender Firewall is popping up and saying that there is a suspicious file called msedge.exe.exe. We have to point out that this one is a virus for sure! So, do not click on the Allow access button.

Go to the path mentioned in the pop-up, right-click on the exe file and select Scan with Defender. It will give you the results.

Having identified that it is malware masquerading as the legit Edge file, we recommend that you scan your computer with your antivirus software at boot time for best results.
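The location check and the msedge.exe.exe case described above can be combined into one PowerShell check that also looks at the file's digital signature. This is an added example, not part of the original article; the function name Test-EdgeBinary is hypothetical, and the expected folder is the one given above (pass a different one if Edge is installed elsewhere).

```powershell
# Added example: check running Edge processes against the install folder
# named in the article and against their Authenticode signature.
$ExpectedDir = 'C:\Program Files (x86)\Microsoft\Edge\Application'  # path from the article

function Test-EdgeBinary {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $ExecutablePath,
        [string] $ExpectedDirectory = $ExpectedDir
    )
    $findings = @()

    # A genuine Edge process is named exactly msedge.exe (not msedge.exe.exe).
    if ($Name -ne 'msedge.exe') { $findings += "unexpected process name '$Name'" }

    if ([string]::IsNullOrEmpty($ExecutablePath)) {
        # Without elevation, the path of other users' processes is hidden.
        $findings += 'executable path not readable; rerun elevated'
    }
    else {
        $dir = Split-Path -Path $ExecutablePath -Parent
        if ($dir -ne $ExpectedDirectory) { $findings += "runs from '$dir'" }

        if (Test-Path -LiteralPath $ExecutablePath) {
            # Location alone can be imitated, so also verify the signature.
            $sig = Get-AuthenticodeSignature -LiteralPath $ExecutablePath
            if ($sig.Status -ne 'Valid') {
                $findings += "signature status: $($sig.Status)"
            }
            elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                $findings += "signed by: $($sig.SignerCertificate.Subject)"
            }
        }
        else { $findings += 'file no longer exists on disk' }
    }

    [pscustomobject]@{
        Name     = $Name
        Path     = $ExecutablePath
        Verdict  = if ($findings.Count -eq 0) { 'OK' } else { 'REVIEW' }
        Findings = $findings -join '; '
    }
}

# The WQL pattern matches msedge.exe and look-alikes such as msedge.exe.exe.
Get-CimInstance -ClassName Win32_Process -Filter "Name LIKE 'msedge.exe%'" |
    ForEach-Object { Test-EdgeBinary -Name $_.Name -ExecutablePath $_.ExecutablePath } |
    Sort-Object Path -Unique |
    Format-Table -AutoSize -Wrap
```

Any row marked REVIEW is a candidate for the right-click scan described above.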

In Windows 10, Microsoft Defender (previously called “Windows Defender”) always scans files before opening them, unless you’ve installed a third-party antivirus. You can also do a quick scan of any file or folder. Here’s how.

First, find the file or folder you want to scan. It can be located within File Explorer or on your desktop. With the mouse cursor, right-click on the item.

In the menu that appears, select “Scan with Microsoft Defender”.

(On versions of Windows 10 prior to the May 2020 Update, this option will say “Scan with Windows Defender.”)

A Windows Security window will appear and the scan results will be displayed near the top, just below the “Scan Options” heading. If everything is ok, you will see “No current threats”.

On the other hand, if malware is detected, Microsoft Defender will alert you with a message that says “Threats found” and list the file or files that are infected.

To remove the threats, click the “Start Actions” button.

After clicking “Start Actions”, Microsoft Defender will remove the threats automatically and everything will be back to normal. For more details on which threats were neutralized, click “Protection History” just below the scan results.

Good luck and take care!

How to see what malware Windows Defender found on your PC

This brief tutorial shows students and new users how to scan for malware with Microsoft Defender (previously Windows Defender).

Microsoft Defender Antivirus scans your computer regularly to keep your device safe from viruses and malware. The scan takes place while your computer is not being used or when it’s idle so as not to interfere with your work.

You can also schedule Microsoft Defender to scan at a time and frequency that you choose.

This will mean less interference with your work.

Run Microsoft Defender on demand

When you’re concerned about risks to a specific file or folder, you can right-click the file or folder in File Explorer, then select Scan with Microsoft Defender.

This is much faster than running a full scan on all your files and folders.

Run a quick scan

If you suspect there’s malware or a virus on your computer, you can run a quick scan using Microsoft Defender. This is much faster than running a full scan on all your files and folders.

To do that, follow the steps below:

  • Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection.
  • Under Current threats, select Quick scan (or in previous versions of Windows 10, under Threat history, select Scan now).

Run an advanced scan

You can run an advanced scan on your computer if you suspect it to be infected. To do that, follow the steps below:

  1. Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection.
  2. Under Current threats, select Scan options (or in previous versions of Windows 10, under Threat history, select Run a new advanced scan).
  3. Select one of the scan options:
    • Full scan (check files and programs currently running on your device)
    • Custom scan (scan specific files or folders)
    • Microsoft Defender Offline scan (run this scan if your device has been, or could potentially be, infected by a virus or malware).
  4. Select Scan now.
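The quick, full and custom scans above can also be started from PowerShell with the Start-MpScan cmdlet, and the results read back with Get-MpThreatDetection. This is an added example, not part of the original tutorial; the function name Invoke-DefenderScan and the sample path are assumptions.

```powershell
# Added example: run a quick, full or custom Microsoft Defender scan and
# list only the detections that the scan itself produced.
function Invoke-DefenderScan {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [ValidateSet('QuickScan', 'FullScan', 'CustomScan')]
        [string] $ScanType = 'QuickScan',
        [string] $Path                      # required for CustomScan only
    )

    if ($ScanType -eq 'CustomScan') {
        if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
            throw "CustomScan needs an existing file or folder, got '$Path'."
        }
        $Path = (Resolve-Path -LiteralPath $Path).ProviderPath
    }

    # Remember the detections that already exist, so that older entries in
    # Protection history are not reported as results of this scan.
    $before = @(Get-MpThreatDetection).DetectionID

    # Start-MpScan blocks until the scan has finished.
    if ($ScanType -eq 'CustomScan') {
        Start-MpScan -ScanType CustomScan -ScanPath $Path
    }
    else {
        Start-MpScan -ScanType $ScanType
    }

    $new = @(Get-MpThreatDetection | Where-Object { $_.DetectionID -notin $before })
    if ($new.Count -eq 0) {
        Write-Host 'No current threats.'
        return
    }

    foreach ($d in $new) {
        # Get-MpThreat supplies the readable name for the numeric ThreatID.
        $threat = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected   = $d.InitialDetectionTime
            Threat     = $threat.ThreatName
            SeverityID = $threat.SeverityID
            Resources  = $d.Resources -join '; '
            Remediated = $d.ActionSuccess
        }
    }
}

# Sample call; the folder is a constructed example path.
Invoke-DefenderScan -ScanType CustomScan -Path "$env:USERPROFILE\Downloads" |
    Format-List
```

If real-time protection already caught a file before the scan, that earlier detection stays in Protection history and is not repeated in this output.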

Schedule a scan

To schedule Microsoft Defender Antivirus to scan your computer only at the time and frequency you choose, click Start, then search for Schedule tasks.

Select Schedule tasks from the result listed on the menu.

When Schedule Tasks opens, in the left pane, expand Task Scheduler Library > Microsoft > Windows, and then scroll down and double-click (or press) the Windows Defender folder.

In the top center pane, double-click (or press twice) Microsoft Defender Scheduled Scan.

This should open the task properties. In the Microsoft Defender Scheduled Scan Properties (Local Computer) window, select the Triggers tab, go to the bottom of the window, and then tap or click New.

On the task setting pane, specify how often you want the scans to run and when you’d like them to start. The task will always run at the exact time you define here, but your computer must be powered on and running for this to work.

If your computer is shut down, this task will fail to run.

The trigger above runs daily at 12AM and stops the task if it runs for more than 2 hours. You can configure more advanced settings, such as repeating every 1, 4, or 8 hours. You can also delay the task randomly, but the basic settings should work fine.

Conclusion:

This post showed you how to use Microsoft Defender to perform a scan on your computer. If you find any error above, please use the form below to report it.

Published by Richard

Hi, I’m Richard. In my spare time, I research topics that are interesting and worthwhile for users and students who want to try something new. I, too, am a student and my focus here is to help other students and new users get started with managing Ubuntu Linux, Windows, Content Management Systems (CMS) and others. I try to do my best explaining the topics and detailing the instructions so that anyone can understand. These tutorials may not work in all situations and for all users. However, if you run into trouble, please ask your questions below and I or someone from the community may help you resolve. Thanks for reading and hope you come back.

Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).

You can use Microsoft Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak.

In Windows 10 and Windows 11, Microsoft Defender Offline can be run with one click directly from the Windows Security app. In previous versions of Windows, a user had to install Microsoft Defender Offline to bootable media, restart the endpoint, and load the bootable media.

Prerequisites and requirements

Microsoft Defender Offline in Windows 10 and Windows 11 has the same hardware requirements as Windows 10.

For more information about Windows 10 and Windows 11 requirements, see the following topics:

Microsoft Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units.

To run Microsoft Defender Offline from the endpoint, the user must be logged in with administrator privileges.

Microsoft Defender Offline updates

Microsoft Defender Offline uses the most recent protection updates available on the endpoint; it’s updated whenever Windows Defender Antivirus is updated.

Before running an offline scan, you should attempt to update Microsoft Defender AV protection. You can either force an update with Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest protection updates from the Microsoft Malware Protection Center.

Usage scenarios

In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Microsoft Defender Offline needs to run, it will prompt the user on the endpoint.

The need to perform an offline scan will also be revealed in Microsoft Endpoint Manager if you’re using it to manage your endpoints.

The prompt can occur via a notification, similar to the following:

The user will also be notified within the Windows Defender client.

In Configuration Manager, you can identify the status of endpoints by navigating to Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status.

Microsoft Defender Offline scans are indicated under Malware remediation status as Offline scan required.

Configure notifications

Microsoft Defender Offline notifications are configured in the same policy setting as other Microsoft Defender AV notifications.

For more information about notifications in Windows Defender, see the Configure the notifications that appear on endpoints topic.

Run a scan

Before you use Microsoft Defender Offline, make sure you save any files and shut down running programs. The Microsoft Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete. The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally.

You can run a Microsoft Defender Offline scan with the following:

  • PowerShell
  • Windows Management Instrumentation (WMI)
  • The Windows Security app

Use PowerShell cmdlets to run an offline scan

Use the following cmdlets:

See Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender Antivirus cmdlets for more information on how to use PowerShell with Microsoft Defender Antivirus.

Use Windows Management Instrumentation (WMI) to run an offline scan

Use the MSFT_MpWDOScan class to run an offline scan.

The following WMI script snippet will immediately run a Microsoft Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows.
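As an added example (not code from the original documentation), the PowerShell and WMI routes above can be wrapped with the checks this page lists: administrator rights, a protection update first, and a confirmation before the restart. The function name Start-DefenderOfflineScan and the one-day signature-age threshold are assumptions; Start-MpWDOScan, Update-MpSignature, Get-MpComputerStatus and the MSFT_MpWDOScan class are the standard Defender interfaces.

```powershell
# Added example: start a Microsoft Defender Offline scan after checking the
# prerequisites described on this page. The endpoint restarts when it runs.
function Start-DefenderOfflineScan {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [int] $MaxSignatureAgeDays = 1,   # assumed threshold, adjust to policy
        [switch] $UseWmi                  # use the MSFT_MpWDOScan class instead
    )

    # Prerequisite: the user must be logged in with administrator privileges.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Microsoft Defender Offline must be started from an elevated session.'
    }

    # The offline scan uses the protection updates already on the endpoint,
    # so try to refresh them before restarting.
    try {
        Update-MpSignature -ErrorAction Stop
    }
    catch {
        Write-Warning "Protection update failed: $($_.Exception.Message)"
    }

    $status = Get-MpComputerStatus
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Write-Warning ("Antivirus signatures are {0} day(s) old (last updated {1})." -f
            $status.AntivirusSignatureAge, $status.AntivirusSignatureLastUpdated)
    }

    # The scan restarts the endpoint and takes about 15 minutes, so ask first.
    $action = 'Restart and run a Microsoft Defender Offline scan'
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, $action)) {
        if ($UseWmi) {
            Invoke-CimMethod -Namespace 'root/Microsoft/Windows/Defender' `
                -ClassName 'MSFT_MpWDOScan' -MethodName 'Start'
        }
        else {
            Start-MpWDOScan
        }
    }
}

# Dry run: performs the checks and shows what would happen without restarting.
Start-DefenderOfflineScan -WhatIf
```

Save open work before running it without -WhatIf, because the restart begins as soon as the prompt is confirmed.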

See the following for more information:

Use the Windows Defender Security app to run an offline scan

Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender for Cloud.

Click the Virus & threat protection tile (or the shield icon on the left menu bar) and then the Advanced scan label:

Select Microsoft Defender Offline scan and click Scan now.

In Windows 10, version 1607, the offline scan could be run from under Windows Settings > Update & security > Windows Defender or from the Windows Defender client.

Review scan results

Microsoft Defender Offline scan results will be listed in the Scan history section of the Windows Security app.

If you’re looking for Antivirus related information for other platforms, see:

If your computer is starting to act weird

Is your Windows 10 computer performing slower than usual? Are you seeing different pop-ups that weren’t there before?

If so, you may have a malware-infected PC on your hands. There are ways you can check. This article will teach you how to scan your PC for malware in Windows 10.

Windows Defender

The first logical place to start would be Windows Defender. Not only is it free, but it also comes with every Windows 10 purchase. It’s also simple to use — making it the ideal solution for your average users who won’t go beyond mainstream sites.

It works by scanning for threats like adware, spyware, and viruses. Turning Defender on will stop malicious software from doing any significant damage.

Turning on Windows Defender

Open Windows Settings. Go to Update and Security > Windows Security. Under Protection Areas, select Virus & Threat Protection.

A new window will pop up with a list of security options. Click Virus & Threat Protection. Now click Virus & Threat Protection Settings. Go to Real-Time Protection and switch it to the on position if it’s currently off.

Once activated, Windows Defender will automatically scan your computer for malware. The most recent iteration of Windows Defender is not available on Windows 7 or Windows 8.

Is Windows Defender enough?

The short answer is no — not if you’re looking for a much more robust solution. As mentioned earlier, Defender will be enough for the average user. But if we’re talking pure performance, there are third-party solutions out there that offer more protection and can be fine-tuned to meet specific needs.

Diagnosing Malware in Windows 10

There are other ways of diagnosing malware in a Windows 10 computer. Below are just a few.

Safe Mode

PCs have a feature called Safe Mode. When you boot a PC through this mode, only the essential programs are loaded. Malware is prevented from launching. If your computer performs faster while in Safe Mode, there’s a chance that you have malware.

To access Safe Mode, go to Start > Power. While holding the Shift key, press Restart. After the computer reboots, you should be able to access Safe Mode.

You’ll want to delete temporary files while in Safe Mode. Go to Search and type Disk Cleanup. It’s a free utility tool that’s included in Windows 10. This will help you remove old files and possibly malware after a quick scan.

Third-party scanners

If you feel like your current antivirus solution isn’t up to the challenge, maybe it’s time to consider installing one of the many malware scanners in the market today.

Some of these solutions are free while others you’d have to pay for. Some are one-time purchases while others are subscription-based. Some antivirus programs work better than others. Make sure you install one that’s highly recommended and comes from a reputable company.

Browser settings

Malware can make changes to your browser settings. For example, malware can change your homepage settings to launch sites that are meant to extract information or display ads whenever you open a browser.

You need to check your settings as soon as possible to prevent browsers from launching annoying sites.

Microsoft Edge

To modify Microsoft Edge settings, go to Settings and More > Settings. Under the Open Microsoft Edge With drop-down menu, select A Specific Page or Pages.

Check the URLs in the list and remove the unfamiliar domains.

Google Chrome

Open Google Chrome and go to Customize > Settings. Scroll down and locate On Startup. Select Open a Specific Page or Set of Pages.

Remove the unfamiliar domains from the list.

Reformatting Your PC

There are times when users are forced to reformat their computers to remove malware. But before you do, make sure you back up important files if it’s still possible for you to do so.

Go to Settings > Update & Security > Recovery. Under Reset This PC, select Get Started. You will be presented with two options. Keep My Files will reformat your computer without deleting your files. Remove Everything will do just that – remove all files.

Note: There’s a higher chance of removing malware if you remove everything. However, you do so at the risk of deleting files and settings.

Follow the on-screen commands until Windows 10 prompts you to reset your PC.

Christopher Jan Benitez is a freelance writer for hire who provides actionable and useful web content to small businesses and startups. In his spare time, he religiously watches professional wrestling and finds solace in listening to ’80s speed metal. Read Christopher’s Full Bio

Applies to

  • Windows 10 in S mode, version 1803

Windows 10 in S mode is streamlined for tighter security and superior performance. With Windows 10 in S mode, users can only use apps from the Microsoft Store, ensuring Microsoft-verified security so you can minimize malware attacks. In addition, using Microsoft Edge provides a more secure browser experience, with extra protections against phishing and malicious software.

The Windows Security interface is a little different in Windows 10 in S mode. The Virus & threat protection area has fewer options, because the built-in security of Windows 10 in S mode prevents viruses and other threats from running on devices in your organization. In addition, devices running Windows 10 in S mode receive security updates automatically.

For more information about Windows 10 in S mode, including how to switch out of S mode, see Windows 10 Pro/Enterprise in S mode.

Managing Windows Security settings with Intune

In the enterprise, you can only manage security settings for devices running Windows 10 in S mode with Microsoft Intune or other mobile device management apps. Windows 10 in S mode prevents making changes via PowerShell scripts.

For information about using Intune to manage Windows Security settings on your organization’s devices, see Set up Intune and Endpoint protection settings for Windows 10 (and later) in Intune.

Microsoft Defender Antivirus protects your Windows devices from software threats, such as viruses, malware, and spyware.

  • Viruses typically spread by attaching their code to other files on your device or network and can cause infected programs to work incorrectly.
  • Malware includes malicious files, applications, and code that can cause damage and disrupt normal use of devices. Also, malware can allow unauthorized access, use system resources, steal passwords and account information, lock you out of your computer and ask for ransom, and more.
  • Spyware collects data, such as web-browsing activity, and sends the data to remote servers.

To provide threat protection, Microsoft Defender Antivirus uses several methods. These methods include cloud-delivered protection, real-time protection, and dedicated protection updates.

  • Cloud-delivered protection helps provide near-instant detection and blocking of new and emerging threats.
  • Always-on scanning uses file- and process-behavior monitoring and other techniques (also known as real-time protection).
  • Dedicated protection updates are based on machine learning, human and automated big-data analysis, and in-depth threat resistance research.

To learn more about malware and Microsoft Defender Antivirus, see the following articles:

What happens when a non-Microsoft antivirus solution is used?

Microsoft Defender Antivirus is part of the operating system and is enabled on devices that are running Windows 10. However, if you’re using a non-Microsoft antivirus solution and you aren’t using Microsoft Defender for Endpoint, then Microsoft Defender Antivirus automatically goes into disabled mode.

When in disabled mode, users and customers can still use Microsoft Defender Antivirus for scheduled or on-demand scans to identify threats; however, Microsoft Defender Antivirus will no longer:

  • be used as the default antivirus app.
  • actively scan files for threats.
  • remediate, or resolve, threats.

If you uninstall the non-Microsoft antivirus solution, Microsoft Defender Antivirus will automatically go into active mode to protect your Windows devices from threats.

  • If you’re using Microsoft 365, consider using Microsoft Defender Antivirus as your primary antivirus solution. Integration can provide better protection. See Better together: Microsoft Defender Antivirus and Office 365.
  • Make sure to keep Microsoft Defender Antivirus up to date, even if you’re using a non-Microsoft antivirus solution.

What to expect when threats are detected

When threats are detected by Microsoft Defender Antivirus, the following things happen:

Detections are listed in the Windows Security app on the Protection history page.

If you’ve secured your Windows 10 devices and enrolled them in Intune, and your organization has 800 or fewer devices enrolled, you’ll see threat detections and insights in the Microsoft 365 admin center on the Threats and antivirus page, which you can access from the Microsoft Defender Antivirus card on the Home page (or from the navigation pane by selecting Health > Threats & antivirus).

If your organization has more than 800 devices enrolled in Intune, you’ll be prompted to view threat detections and insights from Microsoft Endpoint Manager instead of from the Threats and antivirus page.

The Microsoft Defender Antivirus card and Threats and antivirus page are being rolled out in phases, so you may not have immediate access to them.

In most cases, users don’t need to take any further action. As soon as a malicious file or program is detected on a device, Microsoft Defender Antivirus blocks it and prevents it from running. Plus, newly detected threats are added to the antivirus and antimalware engine so that other devices and users are protected, as well.

If there’s an action a user needs to take, such as approving the removal of a malicious file, they’ll see that in the notification they receive. To learn more about actions that Microsoft Defender Antivirus takes on a user’s behalf, or actions users might need to take, see Protection History. To learn how to manage threat detections as an IT professional/admin, see Review detected threats and take action.

To learn more about different threats, visit the Microsoft Security Intelligence Threats site, where you can perform the following actions:

  • View current information about top threats.
  • View the latest threats for a specific region.
  • Search the threat encyclopedia for details about a specific threat.

Malware is malicious software and it comes in a lot of different varieties. Viruses, ransomware, spyware, and more are all types of malware. Microsoft Defender has powerful built-in features that can help protect your device against malware.

Note: Microsoft Defender currently offers anti-malware only on Windows, Mac, and Android.

When you first set up Microsoft Defender on your device, we’ll run an initial scan to make sure you’re starting off clean.

Using anti-malware on your device

Microsoft Defender’s real-time anti-malware protection runs whenever your device is on, keeping an eye out for malicious activity.

Microsoft Defender will also run quick scans of your device on a daily basis, in case anything manages to elude the real-time protection.

If it spots something it will attempt to block it, and alert you so that you can take action if necessary.

If you’re concerned and want to have Microsoft Defender run a scan right now, you can do that by going to the Device protection page from the Microsoft Defender dashboard. For more information see How to start a scan for malware in Microsoft Defender

What if Defender finds malware?

If Defender finds malware on your device it’ll block it, notify you, and try to remove the malware if it can. In some instances Defender may need you to take some actions such as quarantining or removing the dangerous file or process.

Controlled Folder Access

Scenario description

Scenario requirements and setup

  • Windows 10 1709 build 16273
  • Microsoft Defender AV

PowerShell commands

  • Set-MpPreference -EnableControlledFolderAccess Enabled
    • Enabled = Block mode (1)
    • AuditMode = Audit Mode (2)
    • Disabled = Off (0)

Verify configuration

  • Get-MpPreference

Scenario

Setup:

Download and run this setup script. Before running the script, set the execution policy to Unrestricted using this PowerShell command: Set-ExecutionPolicy Unrestricted
The downloaded CFA tool will be in the c:/demo/CFATestFiles folder.

You can perform these manual steps instead:

  1. Turn on CFA using the PowerShell command: Set-MpPreference -EnableControlledFolderAccess Enabled
  2. Download the CFA test tool
  3. Execute PowerShell commands above

Scenario 1: Use the CFA test tool to simulate an untrusted process writing to a protected folder

  1. Launch CFA test tool
  2. Select the desired folder and create file
  3. You can find more information here

Clean-up

Download and run this cleanup script. You can perform these manual steps instead:

  • Set-MpPreference -EnableControlledFolderAccess Disabled
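
The scenario above as one script, added here as an example (it is not the setup or cleanup script the page links to). It uses the AuditMode value instead of Enabled so that writes are logged rather than blocked, then reads Defender event IDs 1123 (blocked) and 1124 (audited) and restores the previous mode; the function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: run a Controlled Folder Access (CFA) test in audit mode,
# show what Defender recorded, then put the original setting back.

$CfaLog = 'Microsoft-Windows-Windows Defender/Operational'

# Numeric values as listed on this page, mapped to the names Set-MpPreference accepts.
$CfaModes = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

function Get-CfaMode {
    # Get-MpPreference reports the setting as a number.
    $value = [int](Get-MpPreference).EnableControlledFolderAccess
    if ($CfaModes.ContainsKey($value)) { $CfaModes[$value] } else { "Unknown ($value)" }
}

function Get-CfaEvent {
    # 1123 = write blocked (block mode), 1124 = write audited (audit mode).
    param([datetime]$Since = (Get-Date).AddHours(-1))
    $filter = @{ LogName = $CfaLog; Id = 1123, 1124; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Action  = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                # Collapse the multi-line event text so each event prints compactly.
                Message = ($_.Message -split "`r?`n" | Where-Object { $_.Trim() }) -join ' | '
            }
        }
}

$started  = Get-Date
$original = Get-CfaMode
"CFA mode before the test: $original"

Set-MpPreference -EnableControlledFolderAccess AuditMode
"CFA mode during the test: $(Get-CfaMode)"

Read-Host 'Run the CFA test tool against a protected folder, then press Enter' | Out-Null

$events = @(Get-CfaEvent -Since $started)
if ($events.Count -eq 0) {
    'No CFA events recorded. Check that the folder is protected and the tool is not an allowed app.'
} else {
    $events | Format-List
}

# Restore the mode that was active before the test (skipped if it was not 0, 1 or 2).
if ($CfaModes.Values -contains $original) {
    Set-MpPreference -EnableControlledFolderAccess $original
}
"CFA mode after the test: $(Get-CfaMode)"
```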


A flaw in the free Microsoft Defender antivirus makes it very easy to bypass its defenses. An attacker can find out which locations the scanner excludes and install any type of malware there.

For 8 years, a security flaw has affected the Microsoft Defender antivirus, the security solution that ships free of charge with PCs running Windows 10 and Windows 11, as well as recent versions of Windows Server. In those 8 years, Microsoft has not fixed it.

At issue: the files to exclude during a Microsoft Defender virus scan. The list of excluded elements is visible to all users of a PC. Therefore, a hacker who has control of the computer can install and execute any malware without being troubled by the operating system.

This flaw allows bypassing the defenses of Microsoft Defender Antivirus

Whatever security software is used, it generally allows certain folders and files to be excluded from scanning. A feature undoubtedly appreciated by users of pirate key generators, but not only… A good number of very recent applications (from GitHub, for example), or applications compressed using non-standard software (followers of the demomaker scene know this), are sometimes falsely declared to be infected with malware. Those false positives are then quarantined by the antivirus or deleted directly from the hard disk.

This is why antiviruses allow you to specify the locations to be omitted during a scan of the computer’s hard disk. But in the case of Microsoft Defender Antivirus, there is a catch, and it is a major one: the list of folders to omit is stored in the clear on the computer. Although this list can only be consulted locally (so it is necessary to have control over the PC), any user can view its content, regardless of access rights: administrators and guests are on the same footing. Since Windows 10, simply running a query command lists all the elements that are not scanned by the antivirus, whether a file, a folder, an extension or a process.

Therefore, an attacker can save malware in a folder omitted from scanning and run it afterwards, without Microsoft Defender raising the alarm. This is the experiment carried out successfully by the Bleeping Computer site. According to security expert Nathan McNulty, the flaw affects Windows 10 21H1 and Windows 10 21H2. On the other hand, it does not seem to concern Windows 11, which is already a good thing for those who have migrated to the new version of the OS. Still, Microsoft has released no patch since the flaw was discovered.


Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed “MosaicLoader” that singles out individuals searching for cracked software as part of a global campaign.

“The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service,” Bitdefender researchers said in a report shared with The Hacker News. “The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links.”


The malware has been so named because of its sophisticated internal structure that’s orchestrated to prevent reverse-engineering and evade analysis.

Attacks involving MosaicLoader rely on a well-established tactic for malware delivery called search engine optimization (SEO) poisoning, wherein cybercriminals purchase ad slots in search engine results to boost their malicious links as top results when users search for terms related to pirated software.


Upon a successful infection, the initial Delphi-based dropper — which masquerades as a software installer — acts as an entry point to fetch next-stage payloads from a remote server and also add local exclusions in Windows Defender for the two downloaded executables in an attempt to thwart antivirus scanning.


It’s worth pointing out that such Windows Defender exclusions can be found in the registry keys listed below:

  • File and folder exclusions – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
  • File type exclusions – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions
  • Process exclusions – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes
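
An added defensive example (not code from the article or from Microsoft) that covers both the registry keys listed above and the earlier passage on exclusion lists an attacker can read or extend. It reads the three keys, flags path exclusions that broad non-administrative groups can write to, and lists recent exclusion changes from Defender event ID 5007; the function names, the SID list and the ACL heuristic are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender exclusions and recent changes to them.

$ExclusionKeys = [ordered]@{
    Path      = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths'
    Extension = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions'
    Process   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes'
}

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

function Test-BroadlyWritable {
    # Heuristic: does any Allow ACE give a broad group the right to create files?
    # Deny ACEs are ignored. Returns $null when the path cannot be checked
    # (wildcards, missing folder).
    param([string]$Path)
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return $null }
    # WriteData/CreateFiles, AppendData/CreateDirectories, GENERIC_WRITE, GENERIC_ALL
    $writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
    foreach ($ace in (Get-Acl -LiteralPath $expanded).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable account, skip it
        if ($BroadSids -contains $sid -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) { return $true }
    }
    return $false
}

function Get-DefenderExclusion {
    # Each exclusion is stored as a value name under the key for its kind.
    foreach ($kind in $ExclusionKeys.Keys) {
        try {
            $key = Get-Item -LiteralPath $ExclusionKeys[$kind] -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read $($ExclusionKeys[$kind]): $($_.Exception.Message)"
            continue
        }
        foreach ($name in $key.Property) {
            [pscustomobject]@{
                Kind            = $kind
                Value           = $name
                BroadlyWritable = if ($kind -eq 'Path') { Test-BroadlyWritable $name } else { $null }
            }
        }
    }
}

function Get-ExclusionChange {
    # Event 5007 records Defender configuration changes, including the registry
    # value that was added or removed under the Exclusions keys.
    param([int]$Days = 30)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\\Exclusions\\(Paths|Extensions|Processes)' } |
        Select-Object TimeCreated,
            @{ n = 'Change'; e = { ($_.Message -split "`r?`n" | Where-Object { $_.Trim() }) -join ' | ' } }
}

'Current exclusions:'
Get-DefenderExclusion | Format-Table -AutoSize

'Exclusion changes in the last 30 days:'
Get-ExclusionChange | Format-List
```

A path exclusion with BroadlyWritable set to True is the case both passages warn about: any local user or process can place a file where Defender will not scan it.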

One of the binaries, “appsetup.exe,” is conceived to achieve persistence on the system, whereas the second executable, “prun.exe,” functions as a downloader for a sprayer module that can retrieve and deploy a variety of threats from a list of URLs, ranging from cookie stealers to cryptocurrency miners, and even more advanced implants like Glupteba.


“prun.exe” is also notable for its barrage of obfuscation and anti-reverse techniques that involve separating code chunks with random filler bytes, with the execution flow designed to “jump over these parts and only execute the small, meaningful chunks.”


Given MosaicLoader’s wide-ranging capabilities, compromised systems can be co-opted into a botnet that the threat actor can then exploit to propagate multiple and evolving sets of sophisticated malware, including both publicly available and customized malware, to obtain, expand, and maintain unauthorized access to victim computers and networks.

“The best way to defend against MosaicLoader is to avoid downloading cracked software from any source,” the researchers said. “Besides being against the law, cybercriminals look to target and exploit users searching for illegal software,” adding it’s essential to “check the source domain of every download to make sure that the files are legitimate.”

    June 28, 2017

    Q. Google Chrome has malware warnings. Does Microsoft’s Windows 10 browser have similar protections?

    A. Microsoft Edge, the browser created for its Windows 10 operating system, has a tool called the Windows Defender SmartScreen designed to thwart malicious websites, apps, downloads and other files that target PCs. The SmartScreen is optional, and you can set the level of protection you wish to have in the Windows Defender Security Center — like outright blocking potentially intrusive software, or opting for a warning that a site may possibly have malicious intentions.

    To get there in the latest version of Windows 10 (the Creators Update), go to the Start menu and open the Settings icon; you can also press the Windows and I keys on the keyboard to get there without the mouse. At the bottom of the Settings window, select Update & Security. On the next screen, choose Windows Defender and then Open Windows Defender Security Center.

    In the Windows Defender Security Center window, select App & Browser Control. In the SmartScreen for Microsoft Edge section, make your selection: Block, Warn or Off. (The warning is typically the default setting.)

    In addition to configuring protections for the Edge browser, you can also set up screening filters for apps and files downloaded from the web with Edge, or for apps downloaded through the online Windows Store. (Website screening involves checking the URL of a page you are visiting against a list of known malicious sites, so a link to Microsoft’s privacy policy is also displayed under each setting.)

    Earlier versions of Windows have a similar SmartScreen filter for the Internet Explorer browser that warns against potentially malicious sites and files. To see its settings in Internet Explorer, go to the Tools menu and select Safety.

    Microsoft has created several security solutions in the past that are either available as standalone downloads or integrated in Windows directly.

    The most common ones are Windows Defender, which Microsoft included in Windows Vista and successive versions of the Windows operating system, Microsoft Security Essentials, which is offered as a standalone version for versions of Windows prior to Windows 8, and the Malicious Software Removal Tool which is also available as a standalone version.

    Windows Defender is a real-time antivirus solution that is active by default on systems running Windows 8 and newer. While some protection is better than none usually, it is fairly limited when it comes to protecting Windows from attacks and ranks low in independent antivirus tests.

    The Malicious Software Removal Tool on the other hand has been designed specifically to remove malware from systems that are already infected (hence the name).


    One of the core differences between Windows Defender and the Malicious Software Removal Tool is therefore purpose. Windows Defender has been designed to block malicious code from being executed on the system to prevent infection of the system, while the Malicious Software Removal Tool’s purpose is to remove infections on systems that are already infected.

    Another difference is that Windows Defender runs all the time on the system like any other active antivirus solution, while the Malicious Software Removal Tool only runs when the user activates it.

    Last but not least, updates are released regularly for Windows Defender which update the definition database while updates for the Malicious Software Removal Tool are usually only released once a month on Microsoft’s Patch Day (second Tuesday of each month).

    So, do you need both?


    Microsoft’s security solutions don’t necessarily share information when it comes to the detection of threats. I asked Microsoft Support specifically about Windows Defender and MSRT and I was told that MSRT may support the removal of malicious software that Windows Defender cannot block.

    I’m not sold on that 100% though considering that Windows Defender is listed as an option to detect and remove threats whenever a new MSRT update comes along.

    While it is possible to list all the threats that Microsoft’s Malicious Software Removal Tool supports, there seems to be no way to do the same for Windows Defender’s definitions database.

    It won’t hurt obviously to run the Malicious Software Removal Tool once a month after it has been updated on Patch Day to make sure nothing slipped by.

    Windows Defender was designed to deactivate automatically when another security solution is installed. That’s where Microsoft’s Software Removal Tool may come in handy as the installed security solution may not detect or remove all threats that Microsoft’s tool supports.

    Both programs are not providing the same level of protection that many third-party solutions offer due to their limited threat detection. While you may run them in addition to third-party security software, it is generally not recommended to run them exclusively on the system.

    Now You: What’s your experience in this regard?

    We show you how to use the Windows Malicious Software Removal Tool in Windows 10 to remove an active infection on your computer.


    In this article we’re going to show you how to use the Malicious Software Removal Tool (Microsoft MRT or MRST), a standalone tool to remove malware after an infection. It works across Windows 10, Windows Server 2019, Windows Server 2016, Windows 8.1, and earlier. We’ll be focusing on Windows 10 in this tutorial, but you can follow along on any Windows version.

    First, though, a little more about what this malware removal tool from Microsoft is all about. Why would you use this instead of Microsoft Defender, Microsoft Safety Scanner, or a piece of third-party software? The answer is that some malicious software may disable your anti-virus capabilities or be difficult to remove via traditional means.

    The Microsoft Malware Removal Tool: A Targeted Windows Malware Scanner

    The Microsoft Malicious Software Removal Tool, then, is more targeted. It only removes a concise list of the most prevalent malicious software and is designed to do so while the malware is active. It receives updates quarterly and automatically runs once per month. It comes in two forms: Windows Malicious Software Removal Tool 64-bit, and Windows Malicious Software Removal Tool 32-bit. The version you have will vary depending on your processor and OS type.

    It’s important to note that it does not remove spyware – only viruses, worms, and trojans, and does not stop malware from running in the first place. As a result, it’s not a replacement for typical virus scanning software.

    With that said, let’s get into how you can use the Windows Malicious Software Removal Tool to run a manual scan.

    How to Open, Find, and Use the Malicious Software Removal Tool

    Microsoft doesn’t signpost the location of MRT, so you’ll have to seek it out yourself via a targeted search or download it.

      Open Microsoft MRST: Press Start and type “MRT”. Click the top result, which will be its file path.


    How to Run the Microsoft Malicious Software Removal Tool via Command Prompt

    If you can’t access your PC’s GUI because you have been locked out of your system by the malware, you can use the command-line instead.

      Open Command Prompt: If you can still access the Start menu, press Start and then type “CMD”. With Command Prompt selected, click “Run as administrator” on the right-hand side of your Start Menu. If you can’t access Command Prompt via the Start Menu, follow our guide to access it via Advanced Startup Options.

    In your command prompt window run one of the following commands:

    Chris Hoffman is Editor-in-Chief of How-To Geek. He’s written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader’s Digest, been interviewed as a technology expert on TV stations like Miami’s NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read nearly one billion times—and that’s just here at How-To Geek.

    Nick Lewis is a staff writer for How-To Geek. He has been using computers for 20 years — tinkering with everything from the UI to the Windows registry to device firmware. Before How-To Geek, he used Python and C++ as a freelance programmer. In college, Nick made extensive use of Fortran while pursuing a physics degree.

    Windows computers sometimes do get viruses and other malware, but not every slow or misbehaving PC is infected by malware. Here’s how to check if you actually have a virus—and whether that suspicious process is dangerous or not.

    What Are the Signs of a Virus?

    Poor performance, application crashes, and computer freezes can sometimes be a sign of a virus or another type of malware wreaking havoc. However, that’s not always the case: There are many other causes of problems that can slow down your PC.

    Likewise, just because your PC is running fine doesn’t mean it doesn’t have malware. The viruses of a decade ago were often pranks that ran wild and used a lot of system resources. Modern malware is more likely to lurk silently and covertly in the background, trying to evade detection so it can capture your credit card numbers and other personal information. In other words, modern-day malware is often created by criminals just to make money, and well-crafted malware won’t cause any noticeable PC problems at all.

    Still, sudden poor PC performance may be one sign you have malware. Strange applications on your system may also indicate malware — but, once again, there’s no guarantee malware is involved. Some applications pop up a Command Prompt window when they update, so strange windows flashing onto your screen and quickly disappearing may be a normal part of the legitimate software on your system.

    There’s no one-size-fits-all piece of evidence to look for without actually scanning your PC for malware. Sometimes malware causes PC problems, and sometimes it’s well-behaved while sneakily accomplishing its goal in the background. The only way to know for sure whether you have malware is to examine your system for it.

    How to Check if a Process Is a Virus or Not

    You might be wondering if your computer has a virus because you’ve seen a strange process in the Windows Task Manager, which you can open by pressing Ctrl+Shift+Esc or by right-clicking the Windows taskbar and selecting “Task Manager.”


    It’s normal to see quite a few processes here — click “More Details” if you see a smaller list. Many of these processes have strange, confusing names. That’s normal. Windows includes quite a few background processes, your PC manufacturer added some, and applications you install often add them.


    Badly behaved malware will often use a large amount of CPU, memory, or disk resources and may stand out here. If you’re curious about whether a specific program is malicious, right-click it in the Task Manager and select “Search Online” to find more information.

    If information about malware appears when you search the process, that’s a sign you likely have malware. However, don’t assume that your computer is virus-free just because a process looks legitimate. A process could lie and say it’s “Google Chrome” or “chrome.exe,” but it may just be malware impersonating Google Chrome that’s located in a different folder on your system. If you’re concerned you might have malware, we recommend performing an anti-malware scan.

    The Search Online option isn’t available on Windows 7. If you use Windows 7, you’ll have to plug the name of the process into Google or another search engine instead.


    How to Scan Your Computer for Viruses

    By default, Windows 11 is always scanning your PC for malware with the integrated Windows Security application, also known as Microsoft Defender. You can, however, perform manual scans.

    On Windows 10 or 11, open your Start menu, type “Security,” and click the “Windows Security” shortcut to open it. You can also head to Settings > Update & Security > Windows Security > Open Windows Security on Windows 10, or Settings > Privacy and Security > Windows Security > Open Windows Security on Windows 11.


    To perform an anti-malware scan, click “Virus & threat protection.”


    Click “Quick Scan” to scan your system for malware. Microsoft Defender will perform a scan and give you the results. If any malware is found, it will offer to remove it from your PC automatically.


    If you want a second opinion — always a good idea if you’re concerned you might have malware, and your primary antivirus doesn’t find anything — you can perform a scan with a different security application, too.

    We like and recommend Malwarebytes, which pairs well with Windows Security to provide an extra layer of protection for your PC. The free version of Malwarebytes will let you perform manual scans to check for viruses and other malware on your PC. The paid version adds real-time protection—but, if you’re just looking to test a computer for malware, the free version will work perfectly.


    Windows 7 doesn’t include built-in antivirus software. You can download Microsoft Security Essentials and run a scan with it if you need a free option. It provides similar protection to the Microsoft Defender security software built into Windows 10 and 11. (Update: Now that Windows 7 is no longer supported, Microsoft Security Essentials is no longer available. We recommend you upgrade to a modern version of Windows.)

    If your antivirus application finds malware but has trouble removing it, try performing a scan in Safe Mode, use an antivirus rescue software, or use Microsoft Defender’s Offline Scan.

    You can also ensure you don’t have malware on your PC by resetting Windows to its default state.

    Ionut Ilascu
    • September 15, 2020
    • 05:20 AM

    The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently.

    These are known as living-off-the-land binaries (LoLBins) and can help attackers bypass security controls to fetch malware without triggering a security alert on the system.

    Works for download and exfil

    The latest addition is finger.exe, a command that ships with Windows to retrieve information about users on remote computers running the Finger service or daemon. Communication is carried via the Name/Finger network communication protocol.

    Security researcher John Page discovered that the Microsoft Windows TCPIP Finger command can also function as a file downloader and a makeshift command and control (C2) server that can serve for sending commands and exfiltrating data.

    According to the researcher, the C2 commands can be masked as finger queries that fetch files and exfiltrate data, without Windows Defender detecting the anomalous activity.

    One problem could be that port 79, used by the Finger protocol, is often blocked within an organization, Page says in a blog post on Friday.

    However, an attacker with sufficient privileges can bypass the restriction by using Windows NetSh Portproxy, which acts as a port redirector for the TCP protocol.

    This method would allow getting past firewall rules and communicating with servers over the unrestricted ports for HTTP(S). This way, Portproxy queries are delivered to the local machine IP and then forwarded to the specified C2 host.

    Using finger.exe to download files also has limitations but nothing that can’t be overcome since encoding them with Base64 is enough to evade detection.

    Demo scripts available

    The researcher created proof-of-concept (PoC) scripts – DarkFinger.py for the C2 and the client-side DarkFinger-Agent.bat – and released them publicly to demonstrate finger.exe’s double functionality.

    In a video showing how the scripts work, Page compared his newly discovered method to certutil.exe, another LoLBin in Windows abused for malicious purposes.

    Windows Defender stopped certutil activity and logged the event, while the DarkFinger script completed the action uninterrupted on a Windows 10 machine.

    A report from Cisco Talos last year listed 13 LoLBins in Windows but security researchers found new executables that fit the bill.

    One of the most recent BleepingComputer reported on is none other than the Windows Defender antivirus built into Windows, which can download arbitrary files using the -DownloadFile command-line argument, added either in version 4.18.2007.9 or 4.18.2009.9.

    Another one is “desktopimgdownldr.exe,” an executable present in Windows 10’s system32 directory, which is part of the Personalization CSP for changing the lock screen and desktop background images.

    Previously, we reported that Microsoft Teams could also help an attacker retrieve and execute malware from a remote location.
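
A detection-side companion to the article above, added here as an example (it is not from BleepingComputer or the researcher). It searches Security event 4688 for launches of the binaries the article names and lists netsh portproxy rules, highlighting any that listen on port 79. It assumes process-creation auditing is enabled, and that command-line logging is on for the two entries that match on arguments; the watch list and function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: hunt for the LoLBin activity described in the article.

# Image name -> regex the command line must match ($null = flag every launch).
$Watch = @{
    'finger.exe'            = $null
    'desktopimgdownldr.exe' = $null
    'certutil.exe'          = '(?i)https?://'     # certutil given a URL
    'mpcmdrun.exe'          = '(?i)-DownloadFile' # argument named in the article
}

function Get-LolbinLaunch {
    # Reads process-creation events (4688). Parsing a busy log can take a while.
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Turn the event's named data fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (-not $data['NewProcessName']) { return }

        $image = (Split-Path -Leaf $data['NewProcessName']).ToLowerInvariant()
        if (-not $Watch.ContainsKey($image)) { return }

        $pattern = $Watch[$image]
        $cmdLine = [string]$data['CommandLine']   # empty unless command-line logging is on
        if ($null -eq $pattern -or $cmdLine -match $pattern) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data['SubjectUserName']
                Image       = $data['NewProcessName']
                Parent      = $data['ParentProcessName']
                CommandLine = $cmdLine
            }
        }
    }
}

function Get-PortProxyRule {
    # Rule lines in the netsh output have the shape: address port address port.
    netsh interface portproxy show all | ForEach-Object {
        if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
                # Port 79 is the Finger port the article says is redirected.
                FingerPort     = ([int]$Matches[2] -eq 79)
            }
        }
    }
}

'Watched binaries launched in the last 7 days:'
Get-LolbinLaunch | Sort-Object Time | Format-List

'Port proxy rules (FingerPort = True deserves a closer look):'
Get-PortProxyRule | Format-Table -AutoSize
```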

    Critical update for security engine rushed out the door

    Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines.

    A particularly nasty security flaw exists in Redmond’s anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. All are, at this moment, at risk. It is switched on by default in Windows 8, 8.1, 10, and Windows Server 2012.

    It is possible for hackers to craft files that are booby-trapped with malicious code, and this nasty payload is executed inadvertently and automatically by the scanner while inspecting messages, downloads and other files. The injected code runs with administrative privileges, allowing it to gain full control of the system, install spyware, steal files, and so on.

    In other words, while Microsoft’s scanner is silently searching your incoming email for malware, it can be tricked into running and installing the very sort of software nasty it’s supposed to catch and kill.

    On Monday night, in an emergency update, Microsoft fixed the vulnerability in its security packages. This upgrade will be automatically fetched and installed by the scanner engine on your machines, quietly closing the embarrassing security hole over the next two days.

    “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” explained Redmond’s security team.

    “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

    “Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.”

    The programming blunder – CVE-2017-0290 – was discovered and reported to Redmond by Google Project Zero’s Natalie Silvanovich and Tavis Ormandy. The latter described the bug as “the worst Windows remote code [execution] in recent memory. This is crazy bad.”

    Ahead of tonight’s drama, Ormandy tweeted about the bug’s existence on Friday evening, and, understandably, gave no further details because at the time there was no patch yet available:

    Attack works against a default install, don’t need to be on the same LAN, and it’s wormable. 🔥

    Sources familiar with the matter told The Reg that Ormandy contacted the Windows giant before tweeting.

    It was feared this vulnerability – even though details were scant – would remain unpatched for potentially weeks or months. Earlier, we asked Microsoft if it could share a timetable for the fix’s release so that IT admins could plan downtimes and update cycles.

    In response, Microsoft spokespeople told us: “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

    So, basically, jog on, nerds. But as it turns out Microsoft was faster off the ball than expected. “Still blown away at how quickly Microsoft Security responded to protect users,” said Ormandy on Monday. “I can’t give enough kudos. Amazing.”

    An easy way for attackers to exploit the scanner bug would be to send malicious malware-laden files to a victim as an attachment on an email or instant message, or an automatic download from a webpage, which would be automatically scanned on arrival – and trigger an infection.

    Responsible disclosure

    Ormandy’s early warning of the bug, just before the weekend, sparked a torrent of whining from some in the infosec world, who felt the researcher was playing his own game with the news.

    Ormandy has done this sort of teasing before. Twice in the past few months, he has warned of flaws in the LastPass password manager. In both cases, the software maker’s engineers spent their weekends getting security updates built and out the door.

    But there is nothing irresponsible about such disclosure. To be responsible, researchers have to inform the writers of the flawed software with full details and preferably a proof of concept for exploiting it. Once that’s done, they can talk about the flaw tangentially, but not give clues as to how it works for fear of alerting exploit writers and malware-slinging scumbags.

    That didn’t stop many people online accusing the duo of being reckless – for, one, warning of the existence of a bug early, and causing worry among IT managers and normal folk – and, two, for doing it on a Friday night when everyone has gone home or to the bar.

    On that first point, the complainers are dead wrong – in some cases, going public forces companies into action. Over the years we’ve seen multiple examples of organizations getting word of flaws and dragging their feet for months, or even years, before fixing issues that malware developers may already have spotted.

    On the second point, well, we hate to break it to you but all software has bugs – especially Microsoft’s code. There are any number of horrible remote code execution flaws in Windows and Office right now, sitting there waiting for white and black hats to find and exploit. Being told, yes, there is definitely a bad bug lurking in among the ones and zeroes doesn’t make you less secure.

    Short of something overly drastic, there isn’t really anything you can do until the patch lands – it just would be helpful if Microsoft gave folks a heads up.

    If a tweet is causing panic or confusion in your organization, the problem isn’t the tweet, the problem is your organization

    The Windows maker should be counting its blessings. It just received a free flaw report that could have cost them a lot in bug bounties, and was able to quietly, on a Monday evening while most of the Western world was asleep or commuting home, slip out a fix. ®

    In this day and age when viruses, malware, potentially unwanted programs (PUPs), and several other kinds of infections can attack your computer, steal your data and even leave it inoperable, you need to have a robust protection strategy in the form of an Antivirus or Antimalware. And, there are several great paid and free tools. If you are a Windows user, you might already be using Microsoft Windows Defender to defend your computer against viruses, but, in this blog, we are going to talk about Microsoft Safety Scanner, another tool that helps you scan and remove malware, spyware, potentially unwanted programs and other infections from your computer.

    What is Microsoft Safety Scanner?

    If you are looking for a free and quick way to scan and remove malware, Microsoft Safety Scanner can be a great option. It has the same engine as Microsoft Defender and it can render protection against malware, spyware, adware, browser hijackers, Trojan horses, and other malicious viruses.

    Should It Be A Replacement For Standalone Antivirus or Antimalware Products

    Even though Microsoft Safety Scanner is a good antivirus solution, it should not be the only antivirus tool on your computer. To substantiate this, here are a few pointers –

    • It doesn’t offer real-time protection
    • You will have to install the application every 10 days
    • It doesn’t update automatically. Microsoft itself urges you to install the latest version before each use
    • It doesn’t have a desktop icon or doesn’t appear on your Start Menu
    • The interface is simple and it doesn’t have as many options as many other antimalware applications

    If you are on the hunt for some great antivirus applications, do check out this post. In addition to that, you must always opt for genuine and highly reviewed antivirus software such as IObit Malware Fighter.

    IObit Malware Fighter – Features At A Glance

    • Interactive, decent, and simple to use interface
    • Real-time threat protection
    • Multiple scan types – smart, full, and custom
    • Data protection modules where you can protect data from ransomware and even password protect your data
    • Browser protection

    Where Can I Get Microsoft Safety Scanner And How To Use It?

    Here’s a comprehensive guide on where you can download Microsoft Safety Scanner and how you can use it.

    Note: Before installing it make sure you first go through the “Important Things To Take Note Of”.

    1. Visit Microsoft Safety Scanner download page and download Microsoft Safety Scanner (64-bit)

    2. Run the installation file (msert executable download file)

    3. Select the type of scan –

    (i) Quick scan: Most vulnerable areas of your computer are scanned for viruses, PUPs, and spyware. In case one such software is found, you will be prompted to run a full scan.

    (ii) Full scan: Here the entire system is scanned for infections. Being an in-depth scan, it may take up to several hours to finish, depending on the speed of your computer.

    (iii) Customized scan: In this kind of scan you can specify the folder that you wish to scan for infections. The scan will further take into account the vulnerable areas as mentioned in the quick scan as well

    4. The scanning will then take place. Wait for the process to complete while Microsoft Safety Scanner searches for malicious applications on your computer

    5. Once the scanning completes, you will be able to see if there are any malicious applications or files on your computer

    Important Things To Take Note Of –

    – Not A Replacement For Any Antimalware Solution

    This tool scans your computer for, and removes, spyware, viruses, and other PUPs (Potentially Unwanted Programs), but it is not a replacement for any anti-malware solution. You should download an antimalware solution such as IObit Malware Fighter or Microsoft’s very own Windows Defender to protect your computer from malware.

    – Take A Note Of The Download Location

    Microsoft Safety Scanner doesn’t appear in the start menu and neither will you see an icon on your desktop. So, take note of the location where you have downloaded the file.

    – Runs When Manually Triggered

    Since you will find Microsoft Safety Scanner neither in the start menu nor on the desktop, you will have to run it each time from the download location. Also, Microsoft urges you to download and install the latest version of Microsoft Safety Scanner before you perform the next scan.

    – Available For 10 Days

    Microsoft Safety Scanner will be available for 10 days after you install it. For removing the tool, you can go to the download location and remove the .exe file (msert.exe)

    Wrapping Up

    No doubt Microsoft Safety Scanner is a great antimalware tool but it should not be the only antimalware software. If you liked the blog, give it a thumbs up and for more such updates, keep reading Tweak Library. You can also follow us on YouTube, Facebook, Twitter, Instagram, Pinterest, Flipboard, and Tumblr.

    Java exploits remain biggest threat to PCs, says Microsoft

    Senior Reporter, Computerworld |

    One in every 20 Windows PCs whose users turned to Microsoft for cleanup help were infected with malware, Microsoft said this week.

    Microsoft cited that statistic and others from data generated by its new Safety Scanner, a free malware scanning and scrubbing tool that re-launched May 12.

    The 420,000 copies of the tool that were downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft’s Malware Protection Center (MMPC) reported Wednesday. That represented an infection rate of 4.8%.

    On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues that a successful attack had been launched against the machine.

    Of the top 10 threats found by Safety Scanner, seven were Java exploits, said Scott Wu and Joe Faulhaber of the MMPC, in a blog post. Wu is a program manager with the MMPC, while Faulhaber is a software engineer.

    That finding backs up a recent Microsoft security intelligence report that noted a huge spike in Java-based exploits in the second half of 2010, when the number tracked by Microsoft jumped to nearly 13 million from around 1 million in the first six months of that year.

    Microsoft blamed exploits of just two vulnerabilities in Oracle’s Java for generating 85% of all Java attacks in the second half of 2010. Not surprisingly, those same two vulnerabilities ranked No. 1 and No. 6 in the Safety Scanner top 10.

    One of the heavily-exploited Java bugs was patched in December 2008 by Sun — which has since been swallowed by Oracle — while the other was fixed in November 2009.

    Microsoft has sounded the warning about the explosion in Java exploits before. In October 2010, Holly Stewart, another MMPC manager, said the attack volume was “scary” and “unprecedented.”

    Hacker reliance on Java made sense to Marc Fossi, the director of Symantec’s security response team, in an interview last year. “Since Java is both cross-browser and cross-platform, it can be appealing to attackers,” he said, referring to Java’s use by every major browser, and on Windows, Mac OS and Linux.

    Safety Scanner found 2,272 Windows PCs with evidence of an exploit of the most widely used Java bug, dubbed “CVE-2008-5353” in the Common Vulnerabilities & Exploits database. Of those machines, 7.3% also contained the notorious Alureon rootkit, while 5.7% had been infected with one of the fake security programs of the “Winwebsec” family.

    “By the time a user downloads and runs [Microsoft Safety Scanner] to detect malware, the machine may have already been infected, if it was vulnerable to the exploit at the time,” acknowledged Wu and Faulhaber.

    Alureon made news in February 2010 when Windows XP systems infected with the rootkit were crippled after a Microsoft security update. And Winwebsec, as Microsoft called the line of phony antivirus software that dupes victims into paying for the worthless program, has been linked to MacDefender, the scareware that’s been plaguing Mac users all month.

    Safety Scanner, which replaced an older online-only tool, uses the same technology and detection signatures as Microsoft’s free consumer-grade Security Essentials antivirus program and its Forefront Endpoint Protection product for enterprises.

    Senior Reporter Gregg Keizer covers Windows, Office, Apple/enterprise, web browsers and web apps for Computerworld.

    According to researchers, the fake upgrade injects malware onto Windows-based devices and steals crypto wallets and browsing data.

    CloudSEK security researchers have discovered a fake Windows 11 update website that would seem pretty convincing to unsuspecting users. The website offers the visitors a free Windows 11 installation for PCs not meeting the operating system’s minimum specifications. However, it actually installs a data stealer.

    For your information, Windows 11 comes with a handsome set of requirements, the most famous one being that the system must support Trusted Platform Module version 2.0 (TPM 2.0). This is why even powerful computers and laptops have become incompatible with Win 11. This has led to a rise in malicious campaigns luring people to fake websites like this one.

    How to Identify Fake Website

    People are looking for ways to circumvent TPM 2.0 so that their PCs meet Windows 11 requirements. In the campaign identified by CloudSEK researchers, the website looks genuine, but when the researchers examined it closely they found that the site URL wasn’t an authentic Microsoft address. The site was simply designed to look like a genuine Microsoft website, with official logos and artwork.

    Fake Windows 11 Update Website (Image: CloudSEK via Bleeping Computer)

    Moreover, researchers discovered that when they clicked the Download Now button, the site downloaded an ISO file containing malware instead of the Windows 11 upgrade.

    Details of the Malware

    The fake Microsoft website, according to Bleeping Computer, delivers Inno Stealer malware. The malicious software uses a portion of the Windows installer for creating temporary files on the infected device.

    Later, it produces processes that execute and store four additional files on the system. Some of these files contain specially designed scripts to disable vital security features like the Windows registry.

    Furthermore, they tweak Windows’ default anti-virus software, Windows Defender, and can also delete security products from ESET and Emsisoft.

    Moreover, files can run commands at the highest system privileges. One of the files created in the C:\Users\\AppData\Roaming\Windows11InstallationAssistant folder contains the data-stealing code titled Windows11InstallationAssistant.scr and takes information from web browsers, stored passwords, other PC files, and cryptocurrency wallets. The stolen data is transmitted to those operating this fake website.

    How to Stay Safe?

    You may be desperate to install Windows 11 and frustrated that your system doesn’t support this OS, but remember to download ISO files only from sites or sources you are 100% sure are legitimate. Scammers are getting highly precise with creating fake websites to make them appear legit, so you should focus on tell-tale signs like the web address.

    Moreover, if your device meets Windows 11 compatibility requirements, you will be alerted through the built-in Windows Update feature. That’s the safest way to install a genuine Win 11 update.

    To protect Windows computers from harmful threats and hidden malware, Microsoft offers many ways to clean up a compromised system. You have built-in Microsoft Defender (also called Windows Security) that scans the computer and protects it from unwanted software. But if Microsoft Defender fails to take any action against viruses, your Microsoft Safety Scanner is also at your service. Now, there’s a small chance you’ve never heard of Safety Scanner before, and we’re here to fix it. In this article, we will learn what Microsoft Safety Scanner is and how to use it to get rid of computer viruses and spyware. On that note, let’s move on to the explainer.

    Everything You Need To Know About Microsoft Safety Scanner (2021)

    Here, we’ve explained the Microsoft Safety Scanner and its use cases. You can also find instructions on how to use this useful tool. Expand the table below and skip to any section that suits you.

    What is Microsoft Safety Scanner?

    Like Microsoft Defender, Microsoft Safety Scanner is a malware removal tool (MSRT) for Windows computers. It even shares the same engine and virus definitions as Microsoft Defender. So what exactly is the difference between Microsoft Safety Scanner and Windows Defender?

    First of all, Microsoft Safety Scanner does not provide real-time protection and cannot replace your traditional antivirus. Second, it is a portable program, that is, a standalone program that requires no installation, unlike other software programs. You just download and run the program. You don’t have to wait for any application installations, engine updates and new virus definitions to start removing malware on your Windows 10 PC. So yes, Microsoft Safety Scanner is a complete program in itself.

    Programs like Microsoft Safety Scanner are useful when a computer, including its major system components, has been compromised and no software installation is allowed to check the security status. In this scenario, you can no longer trust the system and need an external program to review the security of your computer. Microsoft Safety Scanner scans the entire system and looks for malware, spyware, viruses and all kinds of junk. It also allows you to remove them with one click.

    Remember, unlike Microsoft Defender, Microsoft Safety Scanner has only 10 days validity. Once the 10-day validity period has expired, you must download the latest version from Microsoft’s website. This is because the new tool brings engine and virus definition updates to catch newly found malware.

    How to Use Microsoft Safety Scanner

    1. First of all, go to this page and Download Microsoft Safety Scanner for free. Most modern computers are built on 64-bit architecture, so go ahead and download the 64-bit program. However, if you are confused, open Windows Settings and go to System -> About. Here you can confirm the System Type.

    2. Next, double click on the downloaded program and run it. Click “Next” and you are done. No installation needed.

    3. Next, choose what type of scan you want to run on your Windows computer. You have three options to choose from: quick scan, full scan and customized scan. Here’s what each of these options means:

    • Quick scan: The tool scans the part of your computer that is likely to contain viruses, spyware, and other unwanted software. It does not automatically remove the virus and instead prompts you to run a full scan.
    • Full scan: A complete system scan to detect and eliminate unwanted software.
    • Customized Scan: This option performs a quick scan and also checks for viruses and malware in a user-specified folder location.

    4. Microsoft Safety Scanner will show you the number of scanned and infected files, if any, during the scan. Then you can remove the infected files and free your computer from unwanted software.

    5. If the tool does not find any infected files, it will display the following message: “Scan completed successfully and no viruses, spyware and other potentially unwanted software were detected.”

    Keep Your Windows 10 PC Safe with MSRT

    That’s all you need to know about Microsoft Safety Scanner. As we can see, the program is quite helpful in various scenarios where you are not even allowed to open your installed antivirus. But you can still run Safety Scanner from a flash drive and scan your entire Windows 10 PC even without installing this tool. So go ahead and try this clean Windows 10 trick on an affected system. You should also check out how to create a system restore point in Windows 10 as you may need to reinstall the operating system. Anyway, that’s it for us. If you have any questions, let us know in the comment section below.

    Enjoy top notch malware protection without opening your wallet

    Malware has become a commonplace problem, since it’s easier than ever to pick up malware, even when you think your internet behavior isn’t risky. That’s why malware removal tools exist. The best malware removal tools will excel at virus removal and dealing with spyware. We reviewed numerous malware removal tools to come up with this list of the best for Windows and Mac computers.

    Best Overall: Malwarebytes

    Great independent testing scores.

    Available for Windows, macOS, iOS, and Android.

    Lacks real-time scanning.

    Includes few extra features.

    Malwarebytes takes our top pick for the best overall free malware removal tool thanks to its sterling reputation, frequent updates, and how easy it is to use. The free version of Malwarebytes Anti-Malware even comes with a 14 day free trial of the premium version, which protects you with real-time scanning and additional measures to thwart ransomware.

    Malwarebytes is a comprehensive security tool that’s designed to shore up your traditional antivirus program. It receives daily updates to help you keep on top of the latest malware, and also employs a number of techniques that can help it identify brand new malware on your system that’s never even been seen before. Once Malwarebytes has identified an issue, it’s able to clean up and remove the malicious code.

    This fantastic malware removal tool is available for Windows, macOS, iOS, Android, and even Chromebooks. The free version allows you to scan for malware and remove it whenever you want, but it lacks the real-time scanning and protection that you get from the premium version.

    Best Antivirus With Malware Removal: Bitdefender Antivirus Free Edition

    Includes anti-malware protection.

    Available for Windows, macOS, and Android.

    Excellent independent testing scores.

    iOS version only available with premium versions.

    No automatic (software) updates, but virus definitions update automatically.

    You can use a lot of our favorite malware removal tools with the antivirus program of your choice, but Bitdefender is our pick for the best antivirus that includes built-in malware protection. That means you can use it as your primary defense against viruses, worms, trojans, zero-day exploits, rootkits, and all sorts of malware as well.

    The free version of Bitdefender is a lightweight antivirus program that’s available for Windows, Android, and macOS. Bitdefender Antivirus Plus and Bitdefender Total Security, which are both paid versions of the software, add protection for iOS as well.

    While the free version lacks some of the advanced features you get with the premium versions of Bitdefender, like automatic updates, it’s equipped with the basic features required to protect your computer with real-time threat detection, virus scanning, and malware removal.

    In addition to real-time threat detection, Bitdefender also has a handy option that allows you to drag and drop suspicious files or folders to the home screen of the app. This is an extremely easy way to quickly scan any files that you suspect may be infected.

    Threat actors can bypass malware detection due to Microsoft Defender weakness

    A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information that helps them avoid detection.

    Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware so that it avoids AV scanning.

    Microsoft Defender allows users to specify locations on their machines that should be excluded from scanning by the security solution.

    Knowing the list of scanning exceptions tells attackers where to store their malicious code to avoid detection. This means that once inside a compromised network, threat actors can decide where to store their malicious tools and malware without being detected.

    The issue seems to affect Windows 10 21H1 and Windows 10 21H2 and to have existed for at least eight years, but it does not affect Windows 11.

    Noticed that almost 8 years ago when I started in Tech Support. Always told myself that if I was some kind of malware dev I would just lookup the WD exclusions and make sure to drop my payload in an excluded folder and/or name it the same as an excluded filename or extension…

    SentinelOne threat researcher Antonio Cocomazzi pointed out that the list of scanning exceptions can be accessed by any local user, regardless of their permissions.

    The list can be read by running the “reg query” command.

    Windows Defender AV allows Everyone to read the configured exclusions on the system 🤦
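
    A defender-side follow-up to the weakness described above, as an added example that is not part of the original article: an audit, run from an elevated session, that flags Defender exclusions which are stale, wildcarded, cover executable file types, or point at locations that broad groups can write to. The list of risky extensions and the write-access heuristic are assumptions chosen for illustration.

```powershell
# Added example (not from the original article): audit Microsoft Defender
# exclusions for entries that matter most if the exclusion list is readable.
$ErrorActionPreference = 'Stop'

$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this audit from an elevated PowerShell session.'
}

# Well-known SIDs of broad, low-privileged groups.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
# GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

# Executable and script extensions (assumed list; extend for your environment).
$riskyExtensions = 'exe', 'dll', 'scr', 'com', 'bat', 'cmd', 'ps1', 'vbs', 'js', 'hta', 'msi'

function Get-BroadWriters {
    # Returns the names of broad groups that hold an Allow ACE with write access.
    param([Parameter(Mandatory)][string]$LiteralPath)
    $acl = Get-Acl -LiteralPath $LiteralPath
    $rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            (([int]$rule.FileSystemRights) -band $writeMask)) {
            $broadSids[$sid]
        }
    }
}

function New-Finding {
    param([string]$Type, [string]$Entry, [string]$Issue)
    [pscustomobject]@{ Type = $Type; Entry = $Entry; Issue = $Issue }
}

$pref = Get-MpPreference
$findings = @()

foreach ($entry in @($pref.ExclusionPath)) {
    if (-not $entry) { continue }
    $path = [Environment]::ExpandEnvironmentVariables($entry)
    if ($path -match '[*?]') {
        $findings += New-Finding 'Path' $entry 'Wildcard exclusion; review its scope manually'
        continue
    }
    if (-not (Test-Path -LiteralPath $path)) {
        $findings += New-Finding 'Path' $entry 'Path does not exist; remove the stale exclusion'
        continue
    }
    try {
        $writers = @(Get-BroadWriters -LiteralPath $path | Sort-Object -Unique)
        if ($writers.Count -gt 0) {
            $findings += New-Finding 'Path' $entry ("Writable by: " + ($writers -join ', '))
        }
    }
    catch {
        $findings += New-Finding 'Path' $entry ("Could not read ACL: " + $_.Exception.Message)
    }
}

foreach ($ext in @($pref.ExclusionExtension)) {
    if ($ext -and ($riskyExtensions -contains $ext.TrimStart('.').ToLower())) {
        $findings += New-Finding 'Extension' $ext 'Executable or script type is excluded everywhere on disk'
    }
}

foreach ($proc in @($pref.ExclusionProcess)) {
    if ($proc) {
        $findings += New-Finding 'Process' $proc 'Files opened by this process are not scanned; confirm it is still needed'
    }
}

if ($findings.Count -eq 0) {
    'No risky exclusions found by this audit.'
}
else {
    $findings | Format-Table -AutoSize -Wrap
}
```

    Every entry the audit reports is a candidate for removal or for tightening the ACL on the excluded location.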

    Windows computers sometimes do get viruses and other malware, but not every slow or misbehaving PC is infected by malware. Here’s how to check if you actually have a virus—and whether that suspicious process is dangerous or not.

    What Are the Signs of a Virus?

    Poor performance, application crashes, and computer freezes can sometimes be a sign of a virus or another type of malware wreaking havoc. However, that’s not always the case: There are many other causes of problems that can slow down your PC.

    Likewise, just because your PC is running fine doesn’t mean it doesn’t have malware. The viruses of a decade ago were often pranks that ran wild and used a lot of system resources. Modern malware is more likely to lurk silently and covertly in the background, trying to evade detection so it can capture your credit card numbers and other personal information. In other words, modern-day malware is often created by criminals just to make money, and well-crafted malware won’t cause any noticeable PC problems at all.

    Still, sudden poor PC performance may be one sign you have malware. Strange applications on your system may also indicate malware — but, once again, there’s no guarantee malware is involved. Some applications pop up a Command Prompt window when they update, so strange windows flashing onto your screen and quickly disappearing may be a normal part of the legitimate software on your system.

    There’s no one-size-fits-all piece of evidence to look for without actually scanning your PC for malware. Sometimes malware causes PC problems, and sometimes it’s well-behaved while sneakily accomplishing its goal in the background. The only way to know for sure whether you have malware is to examine your system for it.

    How to Check if a Process Is a Virus or Not

    You might be wondering if your computer has a virus because you’ve seen a strange process in the Windows Task Manager, which you can open by pressing Ctrl+Shift+Esc or by right-clicking the Windows taskbar and selecting “Task Manager.”

    It’s normal to see quite a few processes here — click “More Details” if you see a smaller list. Many of these processes have strange, confusing names. That’s normal. Windows includes quite a few background processes, your PC manufacturer added some, and applications you install often add them.

    Badly behaved malware will often use a large amount of CPU, memory, or disk resources and may stand out here. If you’re curious about whether a specific program is malicious, right-click it in the Task Manager and select “Search Online” to find more information.

    If information about malware appears when you search the process, that’s a sign you likely have malware. However, don’t assume that your computer is virus-free just because a process looks legitimate. A process could lie and say it’s “Google Chrome” or “chrome.exe,” but it may just be malware impersonating Google Chrome that’s located in a different folder on your system. If you’re concerned you might have malware, we recommend performing an anti-malware scan.

    The Search Online option isn’t available on Windows 7. If you use Windows 7, you’ll have to plug the name of the process into Google or another search engine instead.
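
    The impersonation case described above (a process named “chrome.exe” running from a different folder) can be checked directly, as an added example that is not part of the original article: list each running executable with its on-disk path and Authenticode signature state. The set of "usual" install directories is an assumption; per-user installs elsewhere can be legitimate, so the flag is a prompt to look closer, not a verdict.

```powershell
# Added example (not from the original article): show where each running
# process really lives on disk and whether its executable is validly signed.
# Run elevated to see paths for processes owned by other accounts.

# Directories where installed software normally lives (assumed list).
$usualRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

$report = Get-Process |
    Where-Object { $_.Path } |
    Sort-Object -Property Path -Unique |
    ForEach-Object {
        $procPath = $_.Path
        $sig = Get-AuthenticodeSignature -LiteralPath $procPath

        $underUsualRoot = $false
        foreach ($root in $usualRoots) {
            if ($procPath.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $underUsualRoot = $true
            }
        }

        [pscustomobject]@{
            Name             = $_.ProcessName
            Path             = $procPath
            Signature        = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer           = $sig.SignerCertificate.Subject   # empty when unsigned
            OutsideUsualDirs = -not $underUsualRoot
        }
    }

# 1. Executables that are unsigned or whose signature does not verify.
'--- Not validly signed ---'
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Name, Signature, Path -AutoSize -Wrap

# 2. The same process name running from more than one path: one of them may
#    be an impostor borrowing a familiar name.
'--- Same name, different paths ---'
$report | Group-Object -Property Name | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Format-Table Name, Signature, Signer, Path -AutoSize -Wrap

# 3. Validly signed but running from outside the usual directories: check that
#    the signer is the vendor the process name claims to be.
'--- Signed, but outside the usual install directories ---'
$report | Where-Object { $_.Signature -eq 'Valid' -and $_.OutsideUsualDirs } |
    Format-Table Name, Signer, Path -AutoSize -Wrap
```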

    How to Scan Your Computer for Viruses

    By default, Windows 11 is always scanning your PC for malware with the integrated Windows Security application, also known as Microsoft Defender. You can, however, perform manual scans.

    On Windows 10 or 11, open your Start menu, type “Security,” and click the “Windows Security” shortcut to open it. You can also head to Settings > Update & Security > Windows Security > Open Windows Security on Windows 10, or Settings > Privacy and Security > Windows Security > Open Windows Security on Windows 11.

    To perform an anti-malware scan, click “Virus & threat protection.”

    Click “Quick Scan” to scan your system for malware. Microsoft Defender will perform a scan and give you the results. If any malware is found, it will offer to remove it from your PC automatically.

    If you want a second opinion — always a good idea if you’re concerned you might have malware, and your primary antivirus doesn’t find anything — you can perform a scan with a different security application, too.

    We like and recommend Malwarebytes, which pairs well with Windows Security to provide an extra layer of protection for your PC. The free version of Malwarebytes will let you perform manual scans to check for viruses and other malware on your PC. The paid version adds real-time protection—but, if you’re just looking to test a computer for malware, the free version will work perfectly.

    Windows 7 doesn’t include built-in antivirus software. You can download Microsoft Security Essentials and run a scan with it if you need a free option. It provides similar protection to the Microsoft Defender security software built into Windows 10 and 11. (Update: Now that Windows 7 is no longer supported, Microsoft Security Essentials is no longer available. We recommend you upgrade to a modern version of Windows.)

    If your antivirus application finds malware but has trouble removing it, try performing a scan in Safe Mode, using antivirus rescue software, or using Microsoft Defender’s Offline Scan.

    You can also ensure you don’t have malware on your PC by resetting Windows to its default state.

    Answer

    Let’s take a look at the typical reasons why the virus and threat protection feature (Microsoft Defender’s built-in antivirus) may not work on Windows 10. Check all items one by one.

    • Microsoft Defender Not Working Due to 3rd Party Antivirus
    • Enable Microsoft Defender Antivirus Services
    • Enable Microsoft Defender Using Registry on Windows 10
    • Check That Microsoft Defender Is Enabled in Group Policy
    • Re-Register Microsoft Defender DLLs
    • Check and Install Windows Updates

    Microsoft Defender Not Working Due to 3rd Party Antivirus

    Check if you have a third-party antivirus installed on your computer that prevents Microsoft Defender from working. Microsoft Defender Antivirus is automatically disabled if a third-party antivirus app is installed on your computer.

    Please decide which antivirus you want to use – third-party or Microsoft Defender. If you don’t need a third-party antivirus, disable or uninstall it.

    Enable Microsoft Defender Antivirus Services

    For Microsoft Defender to work correctly on Windows 10, you need to check several services. Open the Services Management Console (services.msc) and make sure the following items are in the list of services:

    • Windows Defender Advanced Threat Protection Service (Sense);
    • Microsoft Defender Antivirus Network Inspection Service (WdNisSvc);
    • Microsoft Defender Antivirus Service (WinDefend);
    • Security Center (wscsvc).

    The status of the services can be checked using PowerShell:

    get-service Sense, WdNisSvc, WinDefend, wscsvc | select name,status,starttype

    The startup type must be Manual for the Sense and WdNisSvc services.

    The Microsoft Defender Antivirus (WinDefend) and Security Center (wscsvc) services must be running. If these services are disabled, you won’t be able to use Microsoft Defender.

    Verify that the startup type for these services is set to Automatic. If any service is stopped, start it manually. If all services are running, restart them.

    Enable Microsoft Defender Using Registry on Windows 10

    In versions of Windows 10 prior to build 2004, it was possible to disable Windows Defender through the registry. This could be done using the DisableAntiSpyware registry parameter. This option was usually used by OEMs or system administrators when a third-party antivirus app was intended to be used on the device.

    Run the Registry Editor (regedit.exe) and go to the registry key HKLM\Software\Policies\Microsoft\Windows Defender. If at least one of the DisableAntiVirus and DisableAntiSpyware DWORD parameters is present in the right pane, remove it or change its value to 0.

    Cannot edit DisableAntiSpyware. Error writing the value’s new contents.

    The fact is that Windows Defender has a kernel-mode driver (wdfilter.sys) that registers a Registry callback filter which protects Defender’s registry keys.

    Try to stop all Windows Defender related services before changing the registry.

    Also try to take ownership of the registry key HKLM\Software\Policies\Microsoft\Windows Defender and grant yourself Full Control permissions.

    After that, try restarting the Virus and Threat Protection using the “Restart now” button. The service must start correctly.

    Then go to Settings -> Windows Security -> Virus & threat protection -> Turn on.

    Also check that the Real-time protection option is enabled under Windows Security -> Virus & threat protection -> Manage settings.

    Microsoft Defender is now automatically disabled by Windows 10 if it detects a third-party antivirus installed on your device. If you don’t have a third-party antivirus installed and need to disable Microsoft Defender, first you need to disable the Microsoft Defender Tamper Protection. This Windows Security feature helps prevent malicious apps from modifying important Microsoft Defender Antivirus settings, including real-time and cloud protection. Tamper Protection can only be disabled through the Windows Security application, and a User Account Control (UAC) prompt will appear to confirm the change.

    You can also disable Tamper Protection through the registry. To do this, you need to create a DWORD parameter named TamperProtection with a value of 0 under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features. But before that, you must first take ownership of the Features registry key.

    Check That Microsoft Defender Is Enabled in Group Policy

    Open the local Group Policy Editor (gpedit.msc) and verify that Microsoft Defender is not disabled via Group Policy. To do this, go to the section Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus. Verify that the Turn off Microsoft Defender Antivirus policy is Not configured or Disabled.

    Re-Register Microsoft Defender DLLs

    Try to re-register the Windows Defender libraries. To do this, open a command prompt as administrator and run the following commands:
    regsvr32 atl.dll
    regsvr32 wuapi.dll
    regsvr32 softpub.dll
    regsvr32 mssip32.dll

    Restart Microsoft Defender and check if the problem is fixed.

    Check and Install Windows Updates

    In rare cases, Microsoft Defender Antivirus may stop working after installing monthly Windows 10 updates. In this case, try to check for new updates and install them via Settings -> Update & Security -> Windows Update -> Check for updates or use PowerShell to install the latest updates. Most likely, they will fix the issue.

    If nothing helps, check and repair the integrity of Windows image and system files with the commands:

    sfc /scannow
    DISM /Online /Cleanup-Image /RestoreHealth

    I hope this brief guide will help you solve the problem if you are unable to start (stop) the threat service on Windows 10.
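
    The checks from the guide above (services, policy registry values, a competing antivirus, and Defender's own status) can be run in one pass. This PowerShell function is an added example, not part of the original guide; the function name Test-DefenderHealth is hypothetical, and it only reads state without changing anything.

```powershell
# Added example, not part of the original guide. Run in an elevated PowerShell session.
function Test-DefenderHealth {
    # 1. Services from the guide: none may be disabled; WinDefend and wscsvc must run.
    foreach ($name in 'Sense', 'WdNisSvc', 'WinDefend', 'wscsvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc)                         { "Service $name is missing" }
        elseif ($svc.StartType -eq 'Disabled') { "Service $name is disabled" }
        elseif (($name -in 'WinDefend', 'wscsvc') -and ($svc.Status -ne 'Running')) {
            "Service $name is $($svc.Status), expected Running"
        }
    }

    # 2. Policy values that switch Defender off (registry section of the guide).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    foreach ($value in 'DisableAntiSpyware', 'DisableAntiVirus') {
        $item = Get-ItemProperty -Path $policyKey -Name $value -ErrorAction SilentlyContinue
        if ($item -and $item.$value -ne 0) {
            "$value is set to $($item.$value) under $policyKey"
        }
    }

    # 3. A third-party antivirus registered with Security Center disables Defender.
    #    (The root/SecurityCenter2 namespace exists on client editions of Windows.)
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
                    -ErrorAction SilentlyContinue |
        Where-Object { $_.displayName -notmatch 'Defender' } |
        ForEach-Object { "Third-party antivirus registered: $($_.displayName)" }

    # 4. Defender's own view of its state.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { 'Antivirus engine is not enabled' }
        if (-not $mp.RealTimeProtectionEnabled) { 'Real-time protection is off' }
        if (-not $mp.IsTamperProtected)         { 'Tamper Protection is off' }
    } catch {
        "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }
}

$findings = @(Test-DefenderHealth)
if ($findings) { $findings } else { 'No problems found by these checks.' }
```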

    A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection.

    Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware so that it avoids AV scanning.

    Microsoft Defender allows users to specify locations on their machines that should be excluded from scanning by the security solution.

    Knowing the list of scanning exceptions tells attackers where to store their malicious code to avoid detection. This means that once inside a compromised network, threat actors can decide where to store their malicious tools and malware without being detected.

    The issue seems to have existed for at least eight years and affects Windows 10 21H1 and Windows 10 21H2, but it does not affect Windows 11.

    Noticed that almost 8 years ago when I started in Tech Support. Always told myself that if I was some kind of malware dev I would just lookup the WD exclusions and make sure to drop my payload in an excluded folder and/or name it the same as an excluded filename or extension…

    SentinelOne threat researcher Antonio Cocomazzi pointed out that the list of scanning exceptions can be accessed by any local user, regardless of its permissions.

    The list can be read by running the “reg query” command.

    Windows Defender AV allows Everyone to read the configured exclusions on the system 🤦

    reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" /s

    The security researcher Nathan McNulty highlighted that when Microsoft Defender is installed on a server, there are automatic exclusions that are set up when specific roles or features are installed.

    Finally, for those configuring Defender AV on servers, be aware that there are automatic exclusions that get enabled when specific roles or features are installed

    They do not cover non-default install locations, and you should review the list here: https://t.co/StYXMmfs8T

    According to BleepingComputer, the weakness was first reported by the researcher Paul Bolton in May:

    This also works for the “Policies” path when using GPOs, such as HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes
    MSRC view this more of a product suggestion for Defender 2/2

    Microsoft has yet to address the weakness. For this reason, administrators should use group policy to configure Microsoft Defender exclusions on servers and local machines while installing their systems [1, 2].
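
    Administrators can review their own exposure to this weakness. The PowerShell script below is an added example, not code from the article or from Microsoft; the function names are hypothetical and the principal names assume an English-language system. It reports which low-privilege principals can read the two exclusion keys named above, and flags excluded folders in which a standard user is allowed to create files.

```powershell
# Added example: audit Defender exclusions (run in an elevated session).
# Assumption: English principal names; adjust $LowPriv on localized systems.
$LowPriv = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Get-ExclusionKeyReaders {
    # Low-privilege principals allowed to read the exclusion keys named in
    # the article (local settings and the GPO "Policies" path).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
    $query = [System.Security.AccessControl.RegistryRights]::QueryValues
    foreach ($key in ($keys | Where-Object { Test-Path -Path $_ })) {
        foreach ($ace in (Get-Acl -Path $key).Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                ($ace.RegistryRights -band $query) -and
                $ace.IdentityReference.Value -in $LowPriv) {
                [pscustomobject]@{
                    Key       = $key
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                }
            }
        }
    }
}

function Get-UserWritableExclusions {
    # Excluded folders where a standard user may create files: anything
    # written there is skipped by scanning. Entries with wildcards or
    # unexpanded variables fail Test-Path and need a manual review.
    $write = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'
    foreach ($path in (Get-MpPreference).ExclusionPath) {
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
        $writers = (Get-Acl -LiteralPath $path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -in $LowPriv -and
            ($_.FileSystemRights -band $write)
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        if ($writers) {
            [pscustomobject]@{ ExclusionPath = $path; WritableBy = $writers -join ', ' }
        }
    }
}

Get-ExclusionKeyReaders    | Format-Table -AutoSize
Get-UserWritableExclusions | Format-Table -AutoSize
```

    Any row from the second function is an exclusion worth removing or narrowing, whether or not the exclusion list itself is readable.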

    (SecurityAffairs hacking, malware)