Offline Antivirus – How to run Microsoft Safety Scanner on Windows PE 3.0
Britec
« on: July 05, 2011, 01:12:25 AM »

Offline Antivirus – How to run Microsoft Safety Scanner on Windows PE 3.0

This short tutorial describes how to use Microsoft Safety Scanner as a free offline antivirus tool with Windows PE 3.0.

A while back, I reviewed Safety Scanner, Microsoft’s free portable antivirus software. My major complaint was that it was not possible to use Safety Scanner as an offline antivirus tool on Windows PE 3.0. Fortunately, you can increase the scratch space of the Windows PE image to make Safety Scanner run. Note that only the quick scan and full scan features work on Windows PE. Customized scans are not possible because you can’t select folders under Windows PE.



Microsoft Safety Scanner as offline antivirus tool on Windows PE 3.0


The fact that the Microsoft Safety Scanner runs on Windows PE makes the free antivirus tool much more useful because it allows you to scan a Windows installation while it is offline. Sophisticated viruses are difficult, and sometimes impossible, to remove while Windows is running, and the best way to remove them is to access the infected drive from a second OS while Windows is offline.

Windows PE is a good choice for an offline antivirus scan because the operating system is lightweight and boots up quickly. Many antivirus software vendors offer boot kits with their scan engines, which are usually based on Linux. The advantage of the Windows PE solution is that you can add Microsoft Safety Scanner to your Windows administration toolbox on your USB stick.

Of course, you can also create a boot CD with Windows PE and Microsoft Safety Scanner. I describe both options. I assume that you have already downloaded and installed the WAIK for Windows 7 and the Microsoft Safety Scanner. Note that you need the 32-bit version of Safety Scanner even if you want to scan a 64-bit Windows, because in the scenario described here we will run the antivirus tool on Windows PE, which is 32-bit.

After you launch the WAIK command prompt from the Windows Start Menu with administrator privileges, you have to run this command sequence:

Create a boot CD with Windows PE and Microsoft Safety Scanner

    copype.cmd x86 c:\img
    dism /mount-wim /wimfile:c:\img\winpe.wim /index:1 /mountdir:c:\img\mount
    dism /image:c:\img\mount /set-scratchspace:512
    copy msert.exe c:\img\mount\windows\system32

Note: You have to change to the folder where you downloaded Safety Scanner, or use Windows Explorer to copy msert.exe to the mounted Windows PE image.

    dism /unmount-wim /mountdir:c:\img\mount /commit
    copy c:\img\winpe.wim c:\img\iso\sources\boot.wim
    oscdimg -n -bc:\img\etfsboot.com c:\img\iso c:\img\img.iso




Windows PE 3.0 – Set scratchspace

In Windows 7, you can then just right-click img.iso and burn the ISO image to a CD or DVD. For older Windows versions, you can use ISO recorder.

Create a bootable USB stick with WinPE and Microsoft Safety Scanner

    diskpart
    list disk
    select disk #

Note: Replace ‘#’ with the drive number that the list command displays for your USB drive. Be careful because this procedure will erase the whole drive!

    clean
    create partition primary
    select partition 1
    active
    format quick fs=fat32
    assign
    exit
    copype.cmd x86 c:\img
    dism /mount-wim /wimfile:c:\img\winpe.wim /index:1 /mountdir:c:\img\mount
    dism /image:c:\img\mount /set-scratchspace:512
    copy msert.exe c:\img\mount\windows\system32

Note: You have to change to the folder where you downloaded Safety Scanner, or use Windows Explorer to copy msert.exe to the mounted Windows PE image.

    dism /unmount-wim /mountdir:c:\img\mount /commit
    copy c:\img\winpe.wim c:\img\iso\sources\boot.wim
    xcopy c:\img\iso\*.* /e g:\

Note: “g:” is the drive letter of your flash drive.
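
Before msert.exe is copied into the mounted image, it is worth confirming that the download is the 32-bit build the tutorial calls for and that it carries a valid Microsoft Authenticode signature. The PowerShell check below is an added example, not part of the original post; the function name `Test-ScannerBinary`, the default path and the subject-string match are assumptions.

```powershell
# Added example (not from the original post): pre-flight check for msert.exe.
# Test-ScannerBinary and the default path are illustrative assumptions.
function Test-ScannerBinary {
    param([string]$Path = '.\msert.exe')

    $full = (Resolve-Path $Path).ProviderPath

    # Read only the headers: DOS header -> e_lfanew (offset 0x3C) -> PE header.
    $fs = [System.IO.File]::OpenRead($full)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { throw "$full is not an MZ executable" }
        $fs.Position = 0x3C
        $fs.Position = $br.ReadInt32()
        if ($br.ReadUInt32() -ne 0x00004550) { throw "$full has no PE signature" }
        $machine = $br.ReadUInt16()   # IMAGE_FILE_HEADER.Machine
    }
    finally { $fs.Close() }

    # 0x014C = IMAGE_FILE_MACHINE_I386, the build an x86 Windows PE image can run.
    $is32 = ($machine -eq 0x014C)

    # Authenticode: the signature must validate and name Microsoft as the signer.
    # Matching on the subject string is a simplifying assumption of this example.
    $sig    = Get-AuthenticodeSignature -FilePath $full
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $signed = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    New-Object PSObject -Property @{
        Path    = $full
        Machine = ('0x{0:X4}' -f $machine)
        Is32Bit = $is32
        Signed  = $signed
        Signer  = $signer
        Ok      = ($is32 -and $signed)
    }
}

# Copy into the mounted image (path taken from the tutorial) only if both checks pass.
$check = Test-ScannerBinary -Path '.\msert.exe'
if ($check.Ok) {
    Copy-Item $check.Path 'c:\img\mount\windows\system32'
} else {
    $check | Format-List
    Write-Error 'msert.exe failed the architecture or signature check; not copied.'
}
```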