Troubleshoot problems with detecting and removing malware (2024)

If scans are taking too long or appear to be progressing very slowly, consider the following solutions:

Make sure you have enough available disk space

Microsoft Defender Antivirus requires disk space to remove and quarantine malware files. It might be prevented from completely removing a threat if there isn't enough available space on your PC, particularly on your system drive (usually drive C). See the following to help free up space:

• Free up drive space in Windows 10 or 11.

• Tips to free up drive space on your PC (Windows 8.1)

After you've freed up some space, update and then run a scan again.

Full scans can take a long time if you have a large disk with lots of files. Large files, especially archives such as ZIP files, take longer to scan.

Run scans while your PC is idle by closing all other programs

Scanning takes system resources like processor and memory. If you have other programs running they may be creating a bit of a traffic jam that can slow down the malware scan, even if you're not actively using them. Try closing any unnecessary apps while you run the scan.

Tip:For best results try restarting your computer then run the scan immediately, before opening any other apps.

If Microsoft Defender Antivirus continually encounters errors during scans or during malware removal, try the following solutions:

• Please provide feedback to us, so we can deliver fixes as fast as possible. By default, Windows automatically collects error information, but describing the error on the Feedback Hub app can help us address the error more efficiently.
  

  Tip:You can quickly launch the Windows Feedback Hub app in Windows 10 or 11 by pressing the Windows logo key + F.

• Run Windows Update to apply any fixes and ensure you have the latest components.

• If Microsoft Defender Antivirus continually encounters errors during updates, try installing the latest protection updates manually.

To detect the latest threats, use a robust antimalware product, like Microsoft Defender Antivirus, which is built into Windows. Ensure that critical security features are turned on and that Microsoft Defender Antivirus is fully updated before scanning.

Use Microsoft Defender Antivirus with cloud-based protection

By default, the following advanced features are on. If you’ve turned them off, you should turn them back on for the best protection:

• Cloud-based protection

• Automatic sample submission

To turn on these features:

1. Select Start> Settings> Update & Security > Windows Security> Virus & threat protection.

2. Under Virus & threat protection settings, select Manage settings.

3. Make sure the settings for Cloud-delivered protection and Automatic sample submission are turned On.

These settings significantly increase the chances of detecting never-before-seen malware and enable the automated creation of new updates that help protect all other computers running Microsoft Defender Antivirus.

Update Microsoft Defender Antivirus before scanning

By default, Microsoft Defender Antivirus updates definitions automatically at least once every day. You can also manually check for updates:

1. Select Start> Settings> Update & Security > Windows Security> Virus & threat protection.

2. Under Virus & threat protection updates, select Check for updates.

3. Under Threat definitions, select Check for updates.

Learn more about definition updates for Microsoft Defender Antivirus and other Microsoft antimalware

If you continue to encounter suspicious files that are not detected by Microsoft Defender Antivirus, submit the files to Microsoft for analysis.

Even after a piece of malware has been removed, it might come back if you visit the website that hosts it or receive it again by email. Avoid websites that might contain malware, such as sites that provide illegal downloads.

To block threats from malicious websites, use a modern browser like Microsoft Edge, which uses Microsoft Defender SmartScreen to identify sites with poor reputation. Upgrade to the latest version of Windows to benefit from a host of built-in security enhancements.

In some cases, redetection of the same malware is due to an undetected malware component constantly, quietly, reinstalling the detected malware. The malware is typically reinstalled, and redetected, right after you restart your PC. To resolve this, try scanning with Microsoft Defender Offline to catch hidden threats

Scan with Windows Defender Offline

If the same malware keeps infecting your PC, use Windows Defender Offline to look for and remove recurring malware. Microsoft Defender Offline is a scanning tool that works outside of Windows, allowing it to catch and clean infections that hide themselves when Windows is running.

Note:Before initiating a Microsoft Defender Offline scan, make sure you've saved your work. Your PC will restart before starting the scan.

To start an offline scan in Windows:

1. Select Start> Settings> Update & Security > Windows Security> Virus & threat protection.

2. Under Current threats, select Scan options.

3. Select Windows Defender Offline scan and then select Scan now.

On Windows 8.1you will need to download Microsoft Defender Offline as a separate tool. For more information, see Help protect my PC with MicrosoftDefender Offline.

If malware has caused irreversible changes to your PC, you can try to reset your PC. This might require restoring data from backup.

Reset, restore, or reinstall your PC

Back up any files and settings you want to keep so that you can restore them later. Windows provides several options on how you can reset or refresh your PC. If you choose to manually reinstall, you will need to prepare installation discs, product keys, and setup files.

Note:Whenever possible, restore your files from backups generated before the infection and stored in an external location, such as OneDrive, which provides regular cloud-based backups with version histories. Backups that are on your PC during an infection might have already been modified by the malware.

See the following articles for more information about reinstalling or recovering Windows:

• Recovery options in Windows 10 or 11

• How to refresh, reset, or restore your PC (Windows 8.1)

• Back up your Windows PC

Update software

As soon as you restore your PC, make sure you have the latest software running. The latest versions of software include available fixes of known security issues. This will help ensure your PC is not infected by malware that exploit security vulnerabilities.

See the following articles for more information about updating Microsoft software and third-party applications:

• Windows Update: FAQ

• Updating third-party applications