Serious Discussion Windows Defender scan when offline

[Oblivion99]

Dear all

I have a laptop which I use as an offline backup platform.

1.
Is Windows Defender scan still effective, even though the laptop is offline?
It can't use an online virus database / "blacklist" to compare the scanned files with.

2.
Is Windows Defender able to detect a custom made / specially developed virus?
Or does it only react to viruses that are listed / known on the "blacklist"?

Thank you

 

[ForgottenSeer 103564]

Dear all

I have a laptop which I use as an offline backup platform.

1.
Is Windows Defender scan still effective, even though the laptop is offline?
It can't use an online virus database / "blacklist" to compare the scanned files with.

2.
Is Windows Defender able to detect a custom made / specially developed virus?
Or does it only react to viruses that are listed / known on the "blacklist"?

Thank you

1. Microsoft defender uses a local database on the PC to perform the offline scan before the operating system starts.

2. Microsoft defender can detect suspicious behavior with its signatureless machine learning capabilities.

 

[Oblivion99]

"1. Microsoft defender uses a local database on the PC to perform the offline scan before the operating system starts."
Is the scan better and more effective, if the laptop is online?

"2. Microsoft defender can detect suspicious behavior with its signatureless machine learning capabilities."
How does this answer 2?
Can you please explain / elaborate?

Thank you

 

[ForgottenSeer 103564]

"1. Microsoft defender uses a local database on the PC to perform the offline scan before the operating system starts."
Is the scan better and more effective, if the laptop is online?

"2. Microsoft defender can detect suspicious behavior with its signatureless machine learning capabilities."
How does this answer 2?
Can you please explain / elaborate?

Thank you

You asked if defender can detect a custom made virus or one not listed in its signatures, I replied with, it is able to detect malicious activity based on on behavior of activity meaning it does not require signature to detect if it behaves a certain way,.what I should mention though is while it can detect them it needs to be online to submit those suspicious behaviors and their process trees to the protection cloud service.

You are using this system as an off line back up platform correct. You do know you can scan your device and back ups from the original machine you are pulling them from before connecting to the offline one correct?

 

[Oblivion99]

You asked if defender can detect a custom made virus or one not listed in its signatures, I replied with, it is able to detect malicious activity based on on behavior of activity meaning it does not require signature to detect if it behaves a certain way,.what I should mention though is while it can detect them it needs to be online to submit those suspicious behaviors and their process trees to the protection cloud service.

You are using this system as an off line back up platform correct. You do know you can scan your device and back ups from the original machine you are pulling them from before connecting to the offline one correct?

1.
"needs to be online to submit those suspicious behaviors and their process trees to the protection cloud service."
Windows Defender does not have a local database for this aswell?

2.
"You are using this system as an off line back up platform correct. You do know you can scan your device and back ups from the original machine you are pulling them from before connecting to the offline one correct?"
I use a USB drive to transfer my files to my offline backup laptop. I scan the drive before I unplug it.
I just want to make sure, that no malware can get to my offline backup system, and corrupt my backed up data. But if it somehow happened, that Windows Defender would detect the malware, hacker tool etc. and fix it.

 

[Jonny Quest]

I use a USB drive to transfer my files to my offline backup laptop. I scan the drive before I unplug it.
I just want to make sure, that no malware can get to my offline backup system, and corrupt my backed up data. But if it somehow happened, that Windows Defender would detect the malware, hacker tool etc. and fix it.

Question - Laptop hidden hacker connection?

Dear all I have a laptop which I use as an offline backup platform The laptop has Bluetooth and a Network card I have deactivated both in Device Manager and in Windows settings I have questions regarding whether a hacker could get access to my data without my knowledge 1. Can a hacker...

malwaretips.com

Thank you for answering my question

 

[ForgottenSeer 103564]

1.
"needs to be online to submit those suspicious behaviors and their process trees to the protection cloud service."
Windows Defender does not have a local database for this aswell?

2.
"You are using this system as an off line back up platform correct. You do know you can scan your device and back ups from the original machine you are pulling them from before connecting to the offline one correct?"
I use a USB drive to transfer my files to my offline backup laptop. I scan the drive before I unplug it.
I just want to make sure, that no malware can get to my offline backup system, and corrupt my backed up data. But if it somehow happened, that Windows Defender would detect the malware, hacker tool etc. and fix it.

A simple solution then is to scan the usb drive and its contents before you unplug it and transfer over to the offline system.

 

[Kongo]

Dear all

I have a laptop which I use as an offline backup platform.

1.
Is Windows Defender scan still effective, even though the laptop is offline?
It can't use an online virus database / "blacklist" to compare the scanned files with.

2.
Is Windows Defender able to detect a custom made / specially developed virus?
Or does it only react to viruses that are listed / known on the "blacklist"?

Thank you

Microsoft Defender heavily relies on its cloud, so without a stable connection you will get a major drop of protection.

 

[Ink]

Download Microsoft Defender Offline definitions, copy to USB, then run a Scan.

Is your Main PC compromised?

 

[Oblivion99]

Microsoft Defender heavily relies on its cloud, so without a stable connection you will get a major drop of protection.

Why is that?
Because then its local virus database won't get updated?

 

[Oblivion99]

A simple solution then is to scan the usb drive and its contents before you unplug it and transfer over to the offline system.

But how can I make sure, that the offline backup laptop is clean and not infected / compromised?

 

[ForgottenSeer 103564]

But how can I make sure, that the offline backup laptop is clean and not infected / compromised?

I would like very much to shed some light on this for you, connect that offline, online long enough to scan it with your favorite tool then disconnect it.

Scan you your usb and contents on the online system Everytime before you plug it into the offline system.

To place your mind at ease, malware much like everything else is very ineffective without a Internet connection, it cannot transmit your data or invite other nasties into your machine without it.

 

[Kongo]

Why is that?
Because then its local virus database won't get updated?

When you have an internet connection Microsoft Defender will be connected to the cloud at all times and can upload the malicious samples to the cloud, where it gets analyzed further. With no internet connection, Microsoft Defender is not able to upload and can only make use of the already downloaded signatures, offline behavioural analysis which is rather weak.

 

[ForgottenSeer 103564]

First make a new folder in your desktop, Connect your off line system to the Internet, download this emergency kit from emsisoft, it has Bitdefender and Kaspersky signatures, this is a portable application so you do not have to install it. download this application, install/extract it in the same folder on the desktop, while still connected to the Internet scan your entire system, once done and convinced your system is fine, discount from the Internet, delete the folder from the desktop and go about your day.

Make sure to scan your drive in the other system before you transfer items.

This application is free to use, so you don't have to pay for a license.

Emsisoft - Emergency Kit: Free Portable Malware Scan and Removal

Emsisoft Emergency Kit is the ultimate free anti-malware and antivirus tool to scan, detect and remove viruses, keyloggers and other malware threats.

www.emsisoft.com