Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. It utilizes Windows RE to run the offline scan.
During the Microsoft Defender Offline scan, it may appear to the user that the scan stalled or crashed at 91%, 92%, or 93% on some systems. This article tells you how to check if the last Microsoft Defender Offline scan was completed correctly.Read more
When Microsoft Defender Antivirus finds a virus, it asks you what action to take on the threat. The options are “Remove”, “Quarantine”, and “Allow on device”.
You may wonder:
When you enable the Local Security Authority protection in Windows Security → Device Security → Core isolation page on your Windows 11 22H2 (and higher) computer, the yellow exclamation continues to appear.Read more
The Windows Security tray icon provides a convenient way to run a quick scan, check for definition updates, or launch the Windows Security app quickly. However, in some systems, the icon may be missing from the notification area.Read more
When you attempt to turn on Memory Integrity in Windows Security, the Windows Security page scans the drivers to check their compatibility with the Core Isolation/Memory Integrity feature. If there are incompatible drivers found, the list of incompatible drivers is shown. You’ll be asked to address the issue before enabling Memory Integrity.Read more
After installing/upgrading to Windows 11, you may notice that the Windows Defender Security settings page can’t be opened. Nothing may happen when you open the Windows Security dashboard, or the following error may occur when you do so:Read more
Occasionally, your system may slow down to a crawl due to the PC-Doctor Module process that runs in the background. When this happens, it can take several seconds to open the Task Manager or any program.
The Task Manager may show that a process named PC-Doctor Module is occupying 100% of CPU and a very high amount of RAM. You may be wondering if PC-Doctor Module is a virus, Malware, or a PUA.Read more
On some Windows 10 and 11 computers, Microsoft Defender Antivirus may repeatedly warn about the same threat, although you’ve taken the necessary action (remediated) on that threat.
When you click “Start actions” after choosing “Remove”, nothing happens. Windows Defender would keep showing that non-existent threat.Read more
Since July last week, Windows Defender started issuing Win32/HostsFileHijack “potentially unwanted behavior” alerts if you had blocked Microsoft’s Telemetry servers using the HOSTS file.
Out of the SettingsModifier:Win32/HostsFileHijack cases reported online, the earliest one was reported at the Microsoft Answers forums where the user stated:
I’m getting a serious “potentially unwanted” message. I have the current Windows 10 2004 (1904.388) and only Defender as permanent protection.
How is that to evaluate, since nothing has changed at my hosts, I know that. Or is this a false positive message? A second check with AdwCleaner or Malwarebytes or SUPERAntiSpyware shows no infection.
After inspecting the HOSTS file from that system, it was observed that the user had added Microsoft Telemetry servers to the HOSTS file and routed it to 0.0.0.0 (known as “null-routing”) to block those addresses. Here is the list of telemetry addresses null-routed by that user.Read more
