Microsoft Standalone System Sweeper, a tool that was only available as part of Microsoft Diagnostics and Recovery Toolset (MSDaRT), is now available for separate download. Microsoft Standalone System Sweeper Beta (MSSS), a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. MSSS uses the same definitions as Microsoft Security Essentials.
Update: Microsoft Defender Offline is a built-in feature in Windows 10 — no need to create a Windows Defender Offline bootable media. Check out the post “Windows Defender Offline” in Windows 10 Eliminates Complex Malware for more information. On older versions of Windows, Microsoft Defender Offline is still called by its old name: Windows Defender Offline.
Update -June 6, 2012: Standalone System Sweeper Beta has been rebranded to Windows Defender Offline. Windows Defender Offline is available at this address. (Thanks for the heads up, Noel.) There may be some user interface changes in the product since this article was written. Although this article was written earlier, when the product was in Beta, much of the information can be adapted for the final product, Windows Defender Offline.
You can download MSSS from here and create bootable media using a CD/DVD or your USB drive. The bootable media starts the Windows Preinstallation Environment and launches the Microsoft Standalone System Sweeper application to scan and remove viruses and malware. MSSS runs in Windows XP SP3, Windows Vista, Windows 7, and Windows 8.
Creating MSSS Bootable Media
Running Microsoft Standalone System Sweeper
How to Update Microsoft Standalone System Sweeper Definitions
To ensure effective scanning/removal of viruses and malware, make sure you update the definitions. This can be done by clicking the Check for Updates option from the Help menu.
There are two ways to update the definitions via the MSSS user interface.
Option 1: You can either download the file mpam-fe.exe (or mpam-fex64.exe for x64 systems) definitions update package from the Microsoft Security Portal, from PC to a USB flash drive. Then connect the USB flash drive to the subject computer, click the Browse… button in the MSSS window, and locate the definitions update package. This option is ideal for computers without internet connectivity.
Option 2: Another option is to click the Download button to download and apply the definitions update package automatically. The definition updates are exacted automatically and stored in the Windows\Standalone System Sweeper folder.
Option 3: If you use a USB flash drive to run MSSS, you can update the definitions by running the MSSS bootable media creation tool (refer to the 1st screenshot above.) Re-running the tool with that USB flash drive will cause MSSS to update only the definitions in the drive, provided that the USB drive already has the latest version of MSSS.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
Finally !! 😛 I guess that would shake the security industry a bit
awesome article, loved it !!
Excellent! I am going for it now; though I should expect it is going to be a huge download.
Great program. It found (and says it removed) Exploit:JS/Multi.DC but my system still keeps rebooting during Windows XP startup. Oh well, maybe I have multiple problems.
Your download link for it needs to be updated, Ramesh –
as does the tool’s name 🙂
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Thanks Noel! Just added a note at the top of the article.