Windows 10: 0x800b0109 in WDO / Windows Defender Offline

Having two problems with Windows Defender Offline: Fresh download from Microsoft and immediately create a USB stick, but upon boot, it says "This app requires up-to-date virus and spyware definitions. You'll need to install the latest definition updates before scanning your PC. So I click "Update definitions" and it indicates it is downloading and installing .... downloading and installing .... downloading and installing.... and then it FAILS and will not allow me to do an offline scan. The WDO Error code is "0x800b0109".Error description: The definition updates couldn't be installed. P

:)

 

Incompatibility problems with Windows defender OFFLINE: Caution / Warning using WDO

The problems below are currently (3/27/3016) being worked on by Microsoft support level III in India.

For the anniversary edition (version 1607) of windows 10, windows defender OFFLINE (WDO) was integrated into the operating system. The OFFLINE feature is available when opening windows defender and clicking in the right upper corner on settings. A pop
up will appear and on this pop up is an options to click on windows defender OFFLINE.

Information about WDO is available immediately after a clean install of windows 10 version 1607.

Others have reported blue screen boot loops using WDO and there are threads available in Microsoft TechNet and Microsoftanswers as well as via google search. Those that had reported WDO boot loops reported their problems but did not know how to reproduce
it. This thread provides information on how to reproduce the windows defender OFFLINE blue screen boot loop.

There have been no blue screen boot loop problems running windows defender in quick or full mode

The problems are only with running windows defender OFFLINE where the end user could encounter blue screen boot loops.

The problem with WDO blue screen boot loops was reproduced or confirmed twice using windows driver verifier.

These are the steps to set up windows driver verifier: Driver Verifier-- tracking down a mis-behaving driver.

These are the steps to set system failure settings: https://answers.microsoft.com/en-us...ing-them/1939df35-283f-4830-a4dd-e95ee5d8669d

Steps:

1) right click left lower corner windows icon

2) click system

3) click advanced system settings

4) click settings in startup and recovery

5) remove check mark from automatically restart

6) modify write debugging information to automatic memory dump

7) in the box immediately to the right of the windows icon or the search box type verifier

8) then run

9) move the dot from create standard settings to create custom settings (for code developers)

10) select all settings except randomized low resources simulation and DDI compliance checking and if present DDI compliance checking (additional)

11) move the dot from automatically select unsigned drivers to select driver names from a list

12) click on the column heading provider

13) places check marks in all providers that are not Microsoft (typically there are approximately 12 drivers on a clean install) and many more on a system that has computer manufacturer installed drivers

14) finish

15) restart

16) computer produces a blue screen with stop code driver verifier detected violation

17) power off

18) power on

19 ) repeat power off and power on until automatic repair

20) when troubleshooting menu is available navigate to start up options

21) choose number 6 safe mode with command propmpt

22) enter the command: verifier /reset

23) shutdown or restart using the command: shutdown -r or shutdown /r or shutdown -s or shutdown /s

24) if that does not work then enter exit and then open task manager with control shift escape then file then new task then shutdown /s

25) reboot to desktop

26) if interested you can look at the minidump or memory.dmp files to find information about the driver triggered by windows driver verifier

27) enter windows defender in the search box next to the left lower corner windows icon

28)) open windows defender and click on settings in the right upper corner

29) in the pop up windows scroll to the bottom and above the version information is windows defender OFFLINE

30) click on windows defender OFFLINE

31) it will reboot, then it will load windows defender with a green bar, then it will open windows defender and run a quick scan

32) after the scan you will be back on the desk top

33) up to this point there should not have been any incompatibility problems (one run of windows driver verifier producing a blue screen and one run of windows defender OFFLINE). Each of these programs has required a reboot in order to run.

34) run windows driver a second time having already run one WDO

35) when it reboots you will blue screen with stop code driver verifier detected violation and power off and power up goes to a WDO load and WDO quick scan. This is the WDO blue screen boot loop. The troubleshooting menu is no longer available as each
attempt to go into the advanced troubleshooting menu is overcome by a WDO load and WDO quick scan. Canceling the WDO has no impact on the blue screen boot loop.

Attempted repairs when in the WDO blue screen boot loop can be performed with a bootable windows 10 iso downloaded from: Download Windows 10

Most often your computer will boot to the flash drive.

In case it doesn't boot to the flash drive the method for boot depends on the computer manufacturer and the bios boot order settings

For HP computers clicking on F9 allows choosing the flash drive as the bootable source

From the bootable windows 10 iso file navigate to repair

All repairs available have failed multiple times.

Unlike the troubleshooting menu on your computer the flash drive windows 10 iso file does not have startup repair options. So there is no safe mode with command prompt

If you attempt reset and save files you may get either:

The drive where windows is located is locked. Unlock the drive and try again

or

There was a problem resetting your PC. No changes were made.

If you attempt reset and remove all files you may get either:

Unable to reset your PC. A required drive partition is missing

or

Resetting this PC. There was a problem resetting this PC.

Steps to perform clean install:

highlight the drive where the windows operating system is located and delete the partition

highlight the same drive and delete the next partition and continue to delete all partitions for the drive where windows is located.

Once all partitions are deleted the drive is unallocated.

Using the bios the drive if an internal hard drive can be sanitized

Alternatively the drive can be formatted when reinstalling the windows 10 operating system.

The reinstallation of windows 10 from the bootable iso is relatively quick compared to the amount of time it takes for the updates. The update time will depend on the bandwidth or download speed. It could take several hours especially if your speed is
low like 5 MB/sec and it could be fast if your speed is close to 1000 MB/sec.

The above steps were performed on a computer that had factory installed windows 7 professional that had been upgraded to windows 10 professional. It had factory installed drivers and applications but no other applications or files.

The above computer then had the windows 10 clean install.

After the clean install no other software was installed.

No HP drivers were installed.

No HP applications were installed.

No browsers were installed.

The Microsoft level III manager from India then established remote access using support.microsoft.com/help and the LogMeIn software.

The control panel was viewed and there were 8 programs. The msconfig startup options were viewed. Task manager was viewed. Windows driver verifier was ran once and produced a blue screen with stop code driver verifier detected violation. The advanced
troubleshooting was opened on the computer and safe mode with command prompt was used to enter the command verifier /reset. Upon return to the desktop the LogMeIn session was reestablished. The system settings were modified by unchecking automatic start.
The windows defender offline (WDO) was then clicked and upon reboot it loaded and ran a quick scan. Upon reboot the LogMeIn session was reestablished again. Windows driver verifier was then ran a second time. It produced stop code driver verifier detected
violation. After power off and power on it went into WDO blue screen boot loop.

The computer was then booted using flash drive with 10 iso. None of the repair methods in troubleshooting worked. The windows 10 operating system was then reinstalled. First the partitions were deleted and then the OS was installed.

The above was done after a regularly used computer had the unexpected WDO blue screen boot loop.

Many computers had undergone preventative maintenance using windows driver verifier to detect misbehaving drivers. All computers produced driver verifier blue screens. Some had displayed only the stop code driver verifier detected violation. Others had
displayed more information about the driver. The driver typically had the ending .sys. One driver was uninstalled and reinstalled. A rerun of windows driver verifier displayed a second driver. While looking up the various stop codes or drivers windows
defender scans were run. First they were ran in quick mode. Then they were ran in full mode. And then they were run in OFFLINE mode. Windows driver verifier was then run again on one computer and this computer went into the WDO blue screen boot loop.

All of the computers that had one run of windows driver verifier and one run of windows defender OFFLINE can no longer have a run of windows driver verifier. No further preventative maintenance can be done to find misbehaving drivers using windows driver
verifier as the computers would like have WDO blue screen boot loops.

The above steps on a second computer were made to see if this WDO boot loop was reproducible. And it was reproducible twice.

The first reproducible test was with a factory installed windows 7 professional operating system that was upgraded to windows 10 professional.

Using a smart phone camera a video was shot of the notebook computer monitor while this computer was in WDO blue screen boot loop. This is a one drive link to the zipped video: https://1drv.ms/u/s!AhdfDD74t_q2ixVTJLjNCz06mvjB

The second reproducible test was after a clean install with only drivers installed by the windows 10 iso. There was no other software on the computer. Running windows driver verifier once with a resulting blue screen followed by a windows defender OFFLINE
scan and followed again by a windows driver verifier reproduced again the WDO blue screen boot loop.

In summary others have reported a blue screen boot loop using windows defender OFFLINE (WDO). The above steps have provided a reproducible way to see the WDO blue screen boot loop. The only method to recover from the WDO blue screen boot loop reported
to date is a clean installation. Caution is advised for all those using WDO as it may put your computer at risk for a WDO blue screen boot loop.

Microsoft support level III India is working on this problem and has forwarded the incompatibility reports to the Microsoft product group.

* Moved from Windows 10 *

 

Windows defender offline disables mouse

Unfortunately we have seen some reports where keyboard and mouse were not working with Windows Defender Offline (WDO) but don't know the cause behind it.

Why are you trying to scan your system?

Stephen Boots have suggested here a list of other bootable scanners that you can try:

Keyboard and Mouse not Working with WDO

Prashant Kumar

 

Windows Defender Offline

Windows defender offline, a tool that will scan my PC Windows 8.1 offline has performed this scan with a satisfactory outcome for many years to date.

Recently I downloaded windows defender offline from,
https://support.microsoft.com/en-ca/help/17466/windows-defender-offline-help-protect-my-pc, with a satisfactory download result to a USB Flash drive.

MSSSTOOL64, when activated, in normal mode will download updates to WDO USB in normal mode.

However when WDO is run WDO opens with a Red Screen and informs me to update.

Activate WDO update and WDO scans for updates.

ERROR 0x80072f78; a connection to the update server couldn't be established. Please try to install the definitions update later is the result.

Open in this RED WDO SCREEN and requesting an Update the WDO Scan selection is disabled and without the update Windows Defender Offline is non functional without the update definitions.

When I called Microsoft help line the first comment from the Technical Agent is Upgrade to Windows 10.

Windows 10 Protocols for WDO Definition updates are attempting to be accessed by a Windows 8.1 operating system which leads me to ask this question that a Tool I have used for many years is now no longer available to me unless I update to Windows 10.