How to Run a Malware Scan on Windows 11: A Step-by-Step Guide

Malware is like digital glitter—once it gets everywhere, it’s a pain to clean up. The good news? Windows 11 ships with a powerful, built-in security suite (Microsoft Defender) that makes scanning, removing, and preventing threats straightforward. In this guide, you’ll learn multiple ways to run malware scans—from a quick checkup to deep, offline cleanups—plus pro tips for automation, logs, and what to do if a threat won’t budge.


What Counts as “Malware” on Windows 11?

“Malware” is an umbrella term for nasty stuff that tries to sneak onto your PC and cause trouble.

  • Viruses & Worms: Spread and replicate, often breaking things as they go.
  • Trojans: Pretend to be legit software but open the door for attackers.
  • Spyware & Keyloggers: Secretly record what you do and type.
  • Adware & PUPs: Annoying software that spams you with ads or bundles toolbars.
  • Ransomware: Locks files and demands payment to unlock them.

Knowing what you’re up against helps you choose the right scan.


Signs You Might Be Infected

  • Sudden slowdowns or programs crashing
  • Browser redirects or pop-ups that won’t quit
  • Unknown apps starting with Windows
  • Files missing, renamed, or encrypted
  • Security settings disabled without your consent

If any of these ring a bell, move straight to a Full Scan or Offline Scan below.


Before You Scan: Quick Prep

A tiny bit of prep goes a long way.

  • Update definitions: Defender’s threat database updates constantly.
  • Save work & plug in: Scans can be thorough; avoid interruptions.
  • Disconnect suspicious USBs: Don’t let removable drives reinfect you during cleanup.
  • Close heavy apps: Gives the scanner more room to work.

Method 1: Run a Quick Scan with Windows Security (Fast Checkup)

A Quick Scan is your first stop—it checks where malware usually hides.

How to Run a Quick Scan

  1. Press the Windows key and type Windows Security, then open it.
  2. Click Virus & threat protection.
  3. Select Quick scan.
  4. Let it finish and review Protection history for results.

What the Quick Scan Checks

  • Startup locations, running processes, key system folders—basically the usual suspects.
  • If anything suspicious appears, Defender quarantines it and prompts you.

Method 2: Deep Clean with a Full Scan

If your system is acting “off,” a Full Scan is like a full-house cleaning.

When to Choose a Full Scan

  • You installed unknown software recently
  • Persistent pop-ups or redirects
  • You’ve plugged in multiple unfamiliar USBs
  • Quick Scan found something but you want peace of mind

How to Run a Full Scan

  1. Open Windows Security → Virus & threat protection.
  2. Click Scan options.
  3. Select Full scan → Scan now.
  4. Grab a coffee—this checks every file and can take a while.

Pro Tips

  • Keep your PC awake during the scan (temporarily disable sleep).
  • Don’t multitask heavily during a Full Scan; let Defender focus.

Method 3: Custom Scan for a Folder, Drive, or USB

Perfect when you suspect one location—like a fresh download folder or thumb drive.

Run a Custom Scan

  1. Windows Security → Virus & threat protection → Scan options.
  2. Choose Custom scan → Scan now.
  3. Select the specific folder/drive and start.

Right-Click Scan from File Explorer

  • In File Explorer, right-click any folder/drive → Show more options (if needed) → Scan with Microsoft Defender.

Method 4: Microsoft Defender Offline Scan (Stubborn Threats)

Some malware hides so well it dodges normal scans. The Offline Scan boots a minimal environment and scans before Windows even loads.

What the Offline Scan Does

  • Restarts your PC and scans outside of Windows
  • Targets rootkits and deeply embedded threats

How to Run an Offline Scan

  1. Windows Security → Virus & threat protection.
  2. Click Scan options.
  3. Choose Microsoft Defender Offline scan → Scan now.
  4. Save your work; your PC will restart and scan automatically.

If BitLocker Is Enabled

  • You may be asked for the BitLocker recovery key after reboot. Make sure you have it (check your Microsoft account or IT admin if work-managed).

Method 5: Scan from PowerShell or Command Line (For Power Users)

Prefer terminals or need automation? You’ve got options.

PowerShell Commands (Run as Administrator)

Update definitions:

Update-MpSignature

Quick scan:

Start-MpScan -ScanType QuickScan

Full scan:

Start-MpScan -ScanType FullScan

Check threats found:

Get-MpThreatDetection
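
The commands above chained into one run, as an added example that is not part of the original guide. It goes slightly beyond the listed commands by using Start-MpScan's CustomScan type with -ScanPath; the folder path and the 3-day definition-age threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
$ScanPath = 'D:\Downloads'   # assumed sample folder; change to the location you suspect

# Remember which detections already exist so only new ones are reported.
$before = @(Get-MpThreatDetection).DetectionID

Update-MpSignature           # refresh definitions before scanning

$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled) {
    throw 'Microsoft Defender Antivirus is not the active engine on this PC.'
}
# The 3-day threshold is an arbitrary choice for this example.
if ($status.AntivirusSignatureAge -gt 3) {
    Write-Warning "Definitions are $($status.AntivirusSignatureAge) days old; the update may have failed."
}

# Start-MpScan blocks until the scan completes.
Start-MpScan -ScanType CustomScan -ScanPath $ScanPath

# Keep only detections that were not present before this run.
$new = Get-MpThreatDetection | Where-Object { $_.DetectionID -notin $before }

# Join each detection with its threat record to get a readable name.
$report = foreach ($d in $new) {
    $threat = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Detected  = $d.InitialDetectionTime
        Threat    = $threat.ThreatName
        Resources = $d.Resources -join '; '
        ActionOk  = $d.ActionSuccess
    }
}

if ($report) { $report | Format-List } else { "No new detections under $ScanPath." }
```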

Defender Command-Line Utility (MpCmdRun.exe)

Location:

C:\Program Files\Windows Defender\MpCmdRun.exe

Update & quick scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Full scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

Custom scan (replace path):

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "D:\Downloads"

Method 6: Schedule Automatic Scans

Set it once, then let Windows do the boring stuff.

Use Defender’s Built-In Maintenance

Defender already runs periodic scans. Keep your PC on and connected so it can complete them.

Create a Custom Schedule with Task Scheduler

  1. Press the Windows key, type Task Scheduler, and open it.
  2. Action → Create Task…
  3. General: Name it (e.g., Weekly Defender Full Scan).
  4. Triggers: New… → Weekly on your preferred day/time.
  5. Actions: New… → Program/script: C:\Program Files\Windows Defender\MpCmdRun.exe; Add arguments: -Scan -ScanType 2
  6. Conditions: Uncheck Start the task only if the computer is idle if you want it to run regardless.
  7. Save. Your PC will now scan on autopilot.
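
The same task created from PowerShell instead of the Task Scheduler window, as an added example that is not part of the original guide. The day, time, SYSTEM account, and 6-hour time limit are assumptions for illustration; the task name and arguments match the steps above.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
$exe = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $exe)) { throw "MpCmdRun.exe not found at $exe" }

# Quote the program path because it contains spaces; -ScanType 2 is a Full Scan.
$action = New-ScheduledTaskAction -Execute "`"$exe`"" -Argument '-Scan -ScanType 2'

# Assumed schedule: Sundays at 03:00. Pick a time when the PC is normally on.
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '3:00AM'

# Run as SYSTEM so the scan does not depend on anyone being signed in (assumption).
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# Catch up after a missed run and stop a scan that hangs (6 hours is an assumed limit).
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 6)

Register-ScheduledTask -TaskName 'Weekly Defender Full Scan' `
    -Action $action -Trigger $trigger -Principal $principal -Settings $settings

# Confirm the task exists and see when it will next run.
Get-ScheduledTask -TaskName 'Weekly Defender Full Scan' |
    Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime
```

After the first scheduled run, a LastTaskResult of 0 means MpCmdRun.exe exited without error.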

Method 7: Use a Second-Opinion Scanner (Optional)

Sometimes a single perspective misses a spot. On-demand “second-opinion” scanners can help (think Malwarebytes, ESET Online Scanner, etc.).

  • Do: Use them on demand (no real-time protection) to avoid conflicts.
  • Don’t: Run two real-time antivirus engines simultaneously—it can slow things down and create false positives.

Interpreting Results: Quarantine, Remove, or Allow?

  • Quarantine: The default and safest—isolates threats so they can’t run.
  • Remove: Deletes the file(s). Great for confirmed malware.
  • Allow on device: Only if you’re absolutely sure it’s safe (e.g., a false positive on a trusted tool).

If a file you need gets quarantined, review details in Protection history, verify its legitimacy (hash check, vendor site), then restore if appropriate.


Check Protection History & Logs (Verification Matters)

Protection History in Windows Security

  1. Open Windows Security → Virus & threat protection.
  2. Click Protection history.
  3. Review blocked threats, actions taken, and timestamps.

Event Viewer Logs

  1. Press the Windows key and type Event Viewer.
  2. Navigate to Applications and Services Logs → Microsoft → Windows → Windows Defender → Operational.
  3. Look for scan events, detections, and remediation outcomes.
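
The same log read from PowerShell, as an added example that is not part of the original guide. It pulls scan, detection, and remediation events from the Operational channel and warns on failures; the 7-day window and the selection of event IDs are choices made for this example.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
$log = 'Microsoft-Windows-Windows Defender/Operational'

# Defender event IDs covered by this example and what each one means.
$ids = @{
    1000 = 'Scan started'
    1001 = 'Scan finished'
    1002 = 'Scan stopped before finishing'
    1005 = 'Scan failed'
    1116 = 'Threat detected'
    1117 = 'Action taken on threat'
    1118 = 'Action on threat failed'
    5001 = 'Real-time protection disabled'
}

$filter = @{
    LogName   = $log
    Id        = [int[]]@($ids.Keys)
    StartTime = (Get-Date).AddDays(-7)   # assumed look-back window
}

$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated)

# Timeline: one row per event, with the first line of the message as detail.
$events | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Id      = $_.Id
        Meaning = $ids[$_.Id]
        Detail  = ($_.Message -split '\r?\n')[0]
    }
} | Format-Table -AutoSize -Wrap

# Events that mean protection did not work as intended.
$bad = @($events | Where-Object { $_.Id -in 1005, 1118, 5001 })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) failure or tamper-related event(s) in the last 7 days; review them in Event Viewer."
} elseif ($events.Count -eq 0) {
    'No matching Defender events in the last 7 days.'
}
```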

If You Can’t Run a Scan: Safe Mode & Recovery Options

Some malware tries to block security tools. Beat it at its own game.

Boot to Safe Mode

  1. Settings → System → Recovery.
  2. Under Advanced startup, click Restart now.
  3. Troubleshoot → Advanced options → Startup Settings → Restart.
  4. Press 4 (Enable Safe Mode) or 5 (Safe Mode with Networking).
  5. Run Windows Security scans again.

Microsoft Defender Offline (Again)

If Safe Mode still won’t let you scan, use Offline Scan (see Method 4).

Last-Resort Options

  • System Restore to a clean point (if enabled).
  • Reset this PC: Settings → System → Recovery → Reset this PC (keep files or remove everything).

Prevent Future Infections: Good Security Habits

Think of this as brushing and flossing for your PC.

  • Keep Windows Updated: Security patches plug holes attackers love.
  • Leave Real-Time Protection On: Don’t disable Defender unless you know why.
  • Use SmartScreen: It warns you about shady downloads and sites.
  • Be Download-Savvy: Prefer official sites; avoid cracked software.
  • Limit Admin Use: Use a Standard User account for daily work and elevate only when needed.
  • Back Up Regularly: Use File History, OneDrive, or an external drive.
  • Harden Your Browser: Turn on “Ask where to save” and block third-party cookies if feasible.
  • Email Smarts: Don’t open unexpected attachments or links—even if they look legit.

Troubleshooting Common Scan Issues

  • Scans won’t start:
    • Restart the Microsoft Defender Antivirus Service (services.msc).
    • Ensure no third-party AV is disabling Defender.
  • Definitions out of date:
    • Windows Security → Virus & threat protection → Check for updates, or run Update-MpSignature.
  • False positives:
    • Upload the file to a multi-scanner service (e.g., VirusTotal) to compare results. If clean, Allow on device cautiously.
  • High CPU during scans:
    • Let the scan finish, or schedule it during downtime.
  • Group Policy restrictions (work PCs):
    • Your admin may control Defender; contact IT if options are greyed out.

Advanced: Monthly Malicious Software Removal Tool (MSRT)

Windows silently runs MSRT monthly via Windows Update, removing prevalent threats. You can manually launch it:

  1. Press Windows + R, type mrt, press Enter.
  2. Choose Quick, Full, or Customized scan and run.

It’s not a replacement for Defender—think of it as an extra sweep.


Advanced: Exclusions (Use Sparingly)

If Defender keeps flagging a known-safe tool (like a custom script), you can exclude it:

Windows Security → Virus & threat protection → Manage settings (under Virus & threat protection settings) → Add or remove exclusions.

  • Exclude by File, Folder, File type, or Process.
  • Only exclude items you absolutely trust—exclusions are blind spots.
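
A periodic review of those blind spots, as an added example that is not part of the original guide. It lists every configured exclusion and flags the broad ones; the patterns that count as "broad" here are assumptions for this example, not a Microsoft rule set.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session;
# non-elevated sessions get a placeholder instead of the real exclusion values.
$pref = Get-MpPreference

# Assumed heuristics: whole drives and user-writable folders are risky to exclude.
$riskyPath = '^[A-Za-z]:\\?$|\\Temp(\\|$)|\\Downloads(\\|$)|\\AppData(\\|$)|\\Users\\Public(\\|$)'
# Assumed heuristics: excluding executable or script types hides most malware.
$riskyExt  = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'js', 'vbs', 'scr'

$items = @()
foreach ($p in $pref.ExclusionPath) {
    if ($p -like 'N/A*') { throw 'Exclusions are hidden: rerun as administrator.' }
    $items += [pscustomobject]@{
        Type  = 'Path'
        Value = $p
        Broad = [bool]($p -match $riskyPath)
    }
}
foreach ($e in $pref.ExclusionExtension) {
    $items += [pscustomobject]@{
        Type  = 'Extension'
        Value = $e
        Broad = $e.TrimStart('.').ToLower() -in $riskyExt
    }
}
foreach ($proc in $pref.ExclusionProcess) {
    # A process exclusion skips files opened by that process, so always review it.
    $items += [pscustomobject]@{
        Type  = 'Process'
        Value = $proc
        Broad = $true
    }
}

if ($items.Count -eq 0) {
    'No Defender exclusions are configured.'
} else {
    $items | Sort-Object Broad -Descending | Format-Table -AutoSize
    $flagged = @($items | Where-Object Broad).Count
    if ($flagged -gt 0) { Write-Warning "$flagged exclusion(s) need review." }
}
```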

Conclusion

Running a malware scan on Windows 11 is simple once you know where to click—and incredibly effective when you use the right scan for the job. Start with a Quick Scan for routine checks, escalate to a Full or Custom Scan when something feels off, and bring out the Microsoft Defender Offline Scan for stubborn, deep-nested threats. Add a dash of automation with Task Scheduler, keep an eye on Protection history, and you’ll stay a big step ahead of most attacks. The real win? Pair scanning with smart habits—updates, cautious downloads, and regular backups—and malware becomes just another box you confidently tick.


FAQs

1) How often should I run a malware scan on Windows 11?
Defender runs periodic scans automatically, but a weekly Quick Scan plus a monthly Full Scan is a solid routine—especially if you download a lot.

2) Can I use Microsoft Defender alongside another antivirus?
Yes, but avoid running two real-time engines simultaneously. If you install a third-party antivirus, let it handle real-time protection and use Defender or other tools for on-demand second opinions.

3) The scan found a “PUA/PUP.” Is that malware?
Potentially unwanted applications aren’t always strictly malicious, but they’re often adware or bloat. If you didn’t intentionally install it, remove or quarantine it.

4) My PC won’t let me open Windows Security. What now?
Try Safe Mode, run Offline Scan, or check whether a third-party suite or Group Policy is managing Defender. You can also use PowerShell (Start-MpScan) to kick off a scan.

5) Will a malware scan recover encrypted files from ransomware?
A scan can remove the ransomware, but it won’t decrypt files already encrypted. Restore from backups or look for decryption tools specific to the ransomware family if available.
