System tip: View Windows Defender offline scan results

Sometimes, malware may hide in the boot process of Windows and infect the system without waiting for a full boot. For some malware that is difficult to remove at runtime, Windows 10 usually automatically performs an offline scan to check and kill it before restarting to the desktop. After the offline scan is finished, the computer restarts. If you fail to automatically perform an offline scan, and if using Windows Defender after booting does not work, you can try to manually set up an offline scan to perform a scan and remove the infection before loading the operating system. So, how can I check the results of Windows Defender offline scan when it is executed?

Tip: To enable Windows Defender offline scanning, check the “Windows Defender Offline Scan” option in the Security Center “Scan Options” window and restart the system (Figure 1). With poison to open this option will not affect the offline detection.


1. View through Windows Security app

In Windows 10 environment, click “Start→Settings→Update and Security→Windows Security Center”, and then click “Virus and Threat Protection” in the right pane. In the new window that appears, click the “Protection History” link under the “Current Threats” group to view the results of Windows Defender’s previous offline scans (Figure 2).


2. View through Windows Defender’s log file

Since the log file is stored in a hidden directory, we can enter the path in the “Run” box to reach the log file (Figure 3).

C:ProgramDataMicrosoftWindows DefenderSupport


If the message that you do not have access to the folder is displayed, click “Continue” to get access authorization, and then you can enter the Support folder and view the Windows Defender log files (Figure 4).


Tip: Both the scanning process and the scan result generate log files, just check the MPLog file in it.

3. Use Windows Event Viewer to view

Right-click the Start button and select Event Viewer from the Control menu. In the left pane of the Event Viewer, navigate to “Application and Service Logs→Microsoft→Windows→Windows Defender→Operational”, where you can see the logs left after running an offline scan (Figure 5).


Leave a Comment