Extending Microsoft Standalone System Sweeper #

(UPDATE: Standalone System Sweeper has a new name: Windows Defender Offline. Unfortunately, Microsoft has restricted WDO to prevent the extended functionality described below.)

Following closely on the heels of the recently released Microsoft Safety Scanner (which is reminiscent of Trend Micro's classic SysClean), Microsoft has released their Standalone System Sweeper to the general public (download page). As mentioned previously, this bootable antimalware tool has been restricted to those with access to the Microsoft Desktop Optimization Pack (MDOP) / Diagnostics and Recovery Toolset (DaRT) as part of a TechNet, MSDN, or other subscription service (though the DaRT 7 beta is now available to anyone that completes a short questionnaire (Windows Live ID required)).

The newly-released Standalone System Sweeper has several benefits and drawbacks compared to DaRT:
+ no need to build a WinPE image, as it is bundled in the download
+ works on a wide variety of Windows hosts (unlike DaRT, which, with 3 or 4 different verions, is very particular about which OS it runs on)
- additional DaRT tools (Locksmith, File Restore, Disk Commander, etc) not included
- no obvious way to access standard Windows tools (chkdsk, cmd, regedit, diskpart, robocopy, etc) even though they are included in the disc image
Here's how to work around that last one:
  1. Click Home
  2. Click drop down arrow next to Help icon
  3. Click Check for updates > Browse...
  4. Click Computer > X: > Windows > System32
  5. Right click cmd (or notepad, taskmgr, etc) > Run as Administrator

Virus definitions (mpam-fe.exe) can be downloaded from Microsoft (choose the 32 or 64 bit versions next to the Security Essentials logo).

If you want to work with the registry, see Michael Pietroforte's instructions for using regedit as an offline registry editor.

/windows | May 30, 2011

Subscribe or visit the archives.