Most antivirus programs will provide real-time scanning against malware in addition to manual scans that the user can run themselves. Real-time scanning will help protect your files and the system by monitoring the activity in the background and will automatically quarantine or remove any detected threats. Some antivirus programs call this feature a resident shield, auto-protection, on-access scanning or a background guard. The on-demand scanner, also known as a manual scanner, will not protect the computer in real-time, but can help find malware in selected locations on the local hard-drives.
Note that some antivirus programs with real-time and on-demand scanners will not scan all types of file extensions and file formats by default. You should configure the antivirus software to scan all file types, extensions and formats because you never know how the latest virus or malware may try to disguise itself.
Microsoft now provides a free standalone virus scanner called Microsoft Safety Scanner. In the next section of this article, find out how you can use this scanner and why you need it.
System Requirements and Usage
Microsoft Safety Scanner will run on computers with 32-bit or 64-bit editions of Windows 7, Windows Server 2003, Vista or XP. You must be logged on as a member of the Administrators group to run this scanner. It will scan the computer whether it was started in normal or safe mode.
This tool will expire 10 days after downloading. If needed again at a later time, you are encouraged to download the scanner again because it will contain updated detection signatures.
Features and Options
Because it's only good for ten days, you should not use Microsoft Safety Scanner as a replacement for an antivirus program that provides real-time protection against malicious software. This standalone tool by Microsoft is an on-demand scanner that has the ability to remove detected malware in addition to the following features and options:
- Scan and remove spyware, viruses and other potentially unwanted software from the computer.
- The option to perform a full system scan, quick scan or customized scan. Note that any type of scan will look at critical areas in Windows where malware is usually known to hide and add or modify your files and settings.
- The Malware Safety Scanner uses the same malware detection signatures and scan engine that Microsoft Security Essentials use.
- The option to scan any hard drives attached to the computer, such as local, removable or USB drives.
- The scanner will automatically remove detected threats from the computer.
- Display the list of detected malware and the actions taken by the tool to show you what was removed or partially removed.
- The complete activity log of the tool is stored in the debug folder of the main Windows directory.
- Detected suspicious files can be sent to Microsoft for further analysis. This is an optional process which means you can choose to not send the file to the vendor, but it is recommended to send the file to help enhance future detections.
- Ability to scan the computer in safe mode, with or without networking and in normal mode.
On the downside, the options and features listed below are not available in Microsoft Safety Scanner:
- No option to pause a scan. Once started, you can only cancel.
- You cannot update the anti-malware signatures of the tool.
- There is no option to right-click a folder or drive to scan using the free on-demand scanner.
- You cannot use the tool to scan networked computers.
- There is no option to choose what actions to take on detected threats.
- It cannot remove infected compressed or archive files.
- A restore point is not created during a malware removal using the tool. It is recommended to manually create a restore point before using the virus scanner.
Using Microsoft Safety Scanner
This tool is quite easy to use. You don't have to remove your existing antivirus protection software from your computer and no user interaction is required to remove the malware, except if the detected malware is compressed. The image below is a screenshot of the scanning and malware removal results from using Microsoft Safety Scanner where compressed files where partially removed:
To permanently remove the partially removed threat from your computer, open the msert.log file from the C:\Windows\debug folder. Locate the following line and manually delete the file mentioned:
Operation failed (code=0x8026), please use a full antivirus product ! !
Note that the on-demand scanner can use up to 1GB of memory especially if it's scanning large and compressed files. The task manager in Windows will display two processes with similar names (msert.exe) which is by design. The process is also known as Microsoft Support Emergency Response Tool.
If an active process by malware is running, the scanner can shut it down during the malware removal process. In the screenshots below, you can see how the tool can effectively remove active malware.
Microsoft not only just provides this free on-demand virus scan for Windows, but you can also take advantage of their free malware removal support by visiting the community forums or using their support service. For more information, see the support links below in the references section of this article.
- Article based on author's experience.
- Microsoft Community Forums: Security Forums in Microsoft Answers website.
- Free malware removal support: No charge support service for Windows users.
- Image credit: Screenshots generated by the author.
- Product version: Microsoft Safety Scanner v1.0 Build 1.115.1814.0