Microsoft Defender Offline Scan Stops at 91%?

defender completes scan at 92%

Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. It utilizes Windows RE to run the offline scan.

During the Microsoft Defender Offline scan, it may appear to the user that the scan stalled or crashed at 91%, 92%, or 93% on some systems. This article tells you how to check if the last Microsoft Defender Offline scan was completed correctly.Read more

Accidentally Allowed a Threat in Windows Defender. What to do now?

Defender Allowed Threats reset

When Microsoft Defender Antivirus finds a virus, it asks you what action to take on the threat. The options are “Remove”, “Quarantine”, and “Allow on device”.

You may wonder:

  1. What happens if you’ve accidentally clicked “Allow” instead of “Remove”?
  2. What happens to the “allowed” threat? Will Microsoft Defender Antivirus redetect the item during the next scan?

Read more

Fix: Cannot Enable Core Isolation Due to Incompatible Drivers

memory integrity notification

When you attempt to turn on Memory Integrity in Windows Security, the Windows Security page scans the drivers to check their compatibility with the Core Isolation/Memory Integrity feature. If there are incompatible drivers found, the list of incompatible drivers is shown. You’ll be asked to address the issue before enabling Memory Integrity.Read more

“PC-Doctor Module” High CPU, Memory, Disk Usage and Slowdown

dell pc-doctor module 100% cpu and memory usage

Occasionally, your system may slow down to a crawl due to the PC-Doctor Module process that runs in the background. When this happens, it can take several seconds to open the Task Manager or any program.

The Task Manager may show that a process named PC-Doctor Module is occupying 100% of CPU and a very high amount of RAM. You may be wondering if PC-Doctor Module is a virus, Malware, or a PUA.Read more

Windows Defender Shows the Same Threat Repeatedly. How to Clear the Protection History

windows defender same threat repeatedly - pup or trojan

On some Windows 10 and 11 computers, Microsoft Defender Antivirus may repeatedly warn about the same threat, although you’ve taken the necessary action (remediated) on that threat.

windows defender same threat repeatedly

When you click “Start actions” after choosing “Remove”, nothing happens. Windows Defender would keep showing that non-existent threat.Read more

Windows Defender “HostsFileHijack” alert appears if Telemetry is blocked

defender hostsfilehijack

Since July last week, Windows Defender started issuing Win32/HostsFileHijack “potentially unwanted behavior” alerts if you had blocked Microsoft’s Telemetry servers using the HOSTS file.

defender hostsfilehijack

Out of the SettingsModifier:Win32/HostsFileHijack cases reported online, the earliest one was reported at the Microsoft Answers forums where the user stated:

I’m getting a serious “potentially unwanted” message. I have the current Windows 10 2004 (1904.388) and only Defender as permanent protection.
How is that to evaluate, since nothing has changed at my hosts, I know that. Or is this a false positive message? A second check with AdwCleaner or Malwarebytes or SUPERAntiSpyware shows no infection.

“HostsFileHijack” alert if Telemetry is blocked

After inspecting the HOSTS file from that system, it was observed that the user had added Microsoft Telemetry servers to the HOSTS file and routed it to (known as “null-routing”) to block those addresses. Here is the list of telemetry addresses null-routed by that user.Read more