Does Veracrypt block Windows Defender Offline Scan?
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
I have a virus on my HP laptop (system drive encrypted with Veracrypt). I tried to run Defender Offline Scan - a process that should take up to fifteen minutes. I'm able to launch the scan from Windows Security, but the process won't complete. This is what occurs:
Laptop confirms it is restarting.
Veracrypt asks for password.
Boots to a 'Please Wait' screen, but only for ten seconds.
Veracypt asks for password again.
Boots, and moments later I'm taken to the regular Windows login screen.
Anyone else encountered this? Please advise.
Last edit: Harry Turner 2023-05-22
I'm wondering now if I need to unencrypt my system drive before I attempt to use Defender offline scan. That might be the answer. I think I'll try this tomorrow.
Yes, decrypting my system drive (took many hours) has allowed Defender Offline Scan to proceed. I suppose it makes sense that an encrypted drive would be un-scanable by anti-virus software.
My troubles aren't over though - the offline scan results are not showing up in Windows. This seems to be a common issue. The scan gets up to around 95% before quitting and going back to the windows login screen. I'm troubleshooting that now.
I'm confused about the behavior you're experiencing. I would've thought, using the build in offline scan should work even with encryption in place, as on-the-fly-decryption should take place before Defender is started.
Anyway, I wouldn't use the built-in antivirus software of the infected system in the first place, as you cannot guarantee that it's not been compromised. You should put the affected drive into another, clean computer as a secondary drive, mount it and perform an offline scan from this clean system.
But to be frank, in my opinion, the only reasonable thing to do with an infected system is: wipe and start over. Only way to make sure, it's clean again.
Greets
I'm inclined to agree with you about starting over with a new install of Windows. However, I'm still curious to see if Defender finds anything, so I might try your suggestion of hooking it up as a secondary drive and see what happens with a scan. Cheers.