Windows 10: Defender Offline Scan boot loop – Part 2

[German]In part 1 I’ve discussed, what’s causing error code 0x80070578 in Windows Defender. In part 2 I will discuss, how to fix Windows Defender Offline boot loop, that prevents Windows 10 start.


Advertising


What’s Windows Defender Offline (WDO)?

Microsoft provides Windows Defender Offline (WDO), to scan systems in an offline mode against malware. WDO has been integrated in Windows 10 since Anniversary Update (Version 1607). Here are the steps to use this mode.

Start01

1. Click to Start and then select the Settings icon to invoke the Settings app.

2. Within the Settings app go to Update & security and then to sub category Windows Defender.

WDO

3. Scroll down in the right pane and click the button Scan Offline (only available for administrator accounts).

Windows 10 will reboot and you may see the Please wait message.

Booten in Windows Defender Offline

The Windows Defender Offline will be loaded – you will see a progress bar.

Windows Defender Offline laden

If WDO is ready, you will see the Windows Defender GUI and a Defender scan runs in offline mode.

Windows Defender Offline Scan

Windows Defender Offline uses always a quick scan. There is also an Update tab (see screenshot below), where you are able to load new definition file updates via Internet.

Windows Defender Offline Update-Infos

For previous Windows versions Windows Defender Offline (WDO) may be launched from USB sticks or optical media. Microsoft has described the procedure here. This Microsoft site provides download links for 32- and 64-Bit-ISO files for WDO.

A problem with Windows Defender Offline scan in Windows 10

Windows 10 comes with a build-in WDO mode (see above), that bears the risk of a boot loop (see Windows 10: Windows Defender drops error 0x80070578 – Part 1). There is a possible scenario, where WDO tries to scan the disks during boot, but can’t finish that. The user is advised to restart its machine. But after a restart the WDO scan starts again and ends in a reboot – the system is trapped in a boot loop. After I stumbled upon this error, I started searching the web. Here are a few hits from English Microsoft Answers forum.

My computer won’t boot to windows from windows defender offline
My Windows 10 is not able to Login Due to Defender
Windows Defender Offline for Windows 10
How do I get my computer to boot up regularly after running the WDO scan?

Then I tried to provoke this behavior within a virtual machine – but I failed. I terminated the scan, did multiple hard reset of my VM and also installed a third party AV software. Nevertheless Windows 10 was able to boot.

What could be the reason for the boot loop?

Within part 1 (see Windows 10: Windows Defender drops error 0x80070578) I mentioned Windows Defender error 0x80070578, that is based on outdated Windows Defender signature files. As mentioned above, Windows Defender Offline (WDO) is able to load new signature filtes via internet. I suppose, that third party antivirus software (Mc Afee, Norton, Kaspersky and so on) deactivates Windows Defender. So WDO isn’t able to update his signature files. Maybe non compatible versions of antivirus software are responsible.

If the user tries a WDO scan in Windows 10, the system is at risk for the boot loop. But my experience made within a virtual machine stands in contradiction to my first theory. First, I thought, it’s a kind of “broken by design” WDO issue – but there is an option in WDO to terminate offline scan. Gladly I stumbled upon another scenario, that could explain the behavior. The German user facing the problem with WDO scan boot loop tried to do a Windows 10 reinstall and ended with a “hard disc locked” error. So the explanation is simple: A damaged system/boot structure causes the boot loop – because WDO can’t reset the boot option to a Windows 10 boot.

First step: Safe important data

My first recommendation is to safe important data, before trying to repair the system. It’s possible to use an offline backup software (like Paragon Disk Director Suite 15) and boot the machine with an emergency media (DVD, USB stick). Then create a system image backup and safe important user files.

An alternative is: booting the machine in Windows PE (using a system repair disk, CD, as recovery drive, USB stick, or a Windows 10 install media and entering computer repair option). In Windows PE it’s possible to copy user files via command prompt windows from the Windows disk to an external media (USB stick or USB drive).

Tip: You can launch notepad.exe via command prompt window in Windows PE. Go to File – Open and use the Open dialog box als a mini file manager. Set the file type filter in Open dialog box to All files (*.Ü). Then you may the dialog box to navigate to your Windows drive and use context menu commands to copy files to an external drive. But note, that the “file manager” don’t automatically refresh – so it seems, that file operations wasn’t successful. Just press F5, to refresh the content of the dialog box. Also hidden files won’t be shown.

Fix #1: Try an automatic startup repair

Interrupt the system boot process for 3 times (remove batteries from a notebook, switch power off), The the machine shall switch to Windows PE environment and tries to do a startup repair.

Startreparatur

If the automatic repair message occurs, just follow the instructions given on the screen. In some forums I found the suggestion to keep the shift key pressed during forcing the system into a restart. This should force the system into Windows PE with its extended start options.

If automatic startup repair isn’t invoked, you can try to boot the machine using an install or recovery media. If an install media is used, try Computer repair option, offered in the 2nd setup screen to enter Windows PE. You need to select the language settings (below is the dialog box from a German install media).

Windows Setup Sprache auswählen

Then use the hyperlink Repair your computer shown in setup dialog box (see also).

Computerreparaturoptionen auswählen

Then you will see the Windows PE environment – where you will see the page Chose an option.

Click Troubleshoot and go to Advanced options in the next page. Within the Advanced options page select the Startup Repair tile and let Windows PE try to repair your start configuration (see also Windows 10 hangs with error code 0xc0000034).

If it goes well, this repair is successful and your machine will boot into Windows 10.

Fix #2: Try a system restore

If fix #1 didn’t work, boot your system into Windows PE and go to Advanced options (see above). Select the tile System Restore. Maybe Windows System restore is able to fix the issue and the machine will boot Windows 10 again. But I’m not too optimistic that fix #1 and fix #2 will cure the system.

Fix #3: Try to repair the boot environment

In some cases the boot environment (BCD store) is damaged or not accessible. Try to boot the system with Windows PE (see Fix #1). Then use diskpart to set partition with \boot folder as active. In a last step populate BCD store with necessary entries. According to this forum thread it could help. Have a look at the MS Answers thread Issue with updating BCD(Boot Configuration Data) in Windows 8.1 for details how to rebuild BCD store.

Fix #4: Try a System Image Recovery

If you have a system backup, boot into Windows PE and go to Advanced options (see above). Select the tile System Image Recovery and reload the system image backup. All data on your machine are lost.

Fix #5: Reinstall Windows 10

If the fixes mentioned above won’t help, grab a Windows 10 install media and try to re-install the operating system. All your data and installed programs are lost, but your machine should be back to life.

Fix #6: Repair a Hard Disk Lock error

If you try to reinstall Windows 10, perhaps a “Hard Disk Lock” error is reported, and setup refuses to install. This was the case within the German MS Answers-thread. This is also an explanation, why Windows Defender Offline can’t terminate and a boot loop occurs.  It you are facing this scenario, use my blog post How to fix Windows-Setup Hard Disk locked error to cure your system.

Ok, I hope, one of the fixes proposed above will help to end the Windows Defender Offline boot loop. If you come across another solution/root cause, please feel free to left a comment.

Articles:
Windows 10: Windows Defender drops error 0x80070578 – Part 1
Windows 10: Defender Offline Scan boot loop – Part 2

Similar articles
Win10 Wiki
Windows 10: Open command prompt window as administrator
Trick: How to upgrade to Windows 10 using a clean install
Microsoft Windows and Office ISO download tool
Windows 10 Version 1511 via Media Creation Tool “is back”
How to fix Windows-Setup Hard Disk locked error
Windows 10: System restore fails with error 0x81000203



This entry was posted in issue, Windows and tagged , , , , . Bookmark the permalink.

2 Responses to Windows 10: Defender Offline Scan boot loop – Part 2

  1. bodmer manuel says:

    Actually i just solved wdo loop by disable csm and change hd from raid to ahci. Alot simpler no? I ended up in the wd loop after switching grafic cards and changing my bios from normal to asus. Well bios popped up from alone after switching grafic cards and asus optimized said its more silent…so i tried. On first startup it said my grafic card doesbt support uefi and thus csm is activated. Btw same grafic card i used before oO but the trigger might be the anti spy ware like u said because since today my adaware tries to update and it cant. So maybe it locked the hd? Not sure what led to the wd loop but the fix i found is pretty simple so i thought i let u know 🙂

    • guenni says:

      Thx – computers are nasty things – a lot of voodoo. Hope the information collected here help other users.

Leave a Reply

Your email address will not be published. Required fields are marked *