Tweet
Hello all, I’ve moved from Norton to test out WD & would like to know whether Defender automatically scans USB devices upon connecting or will auto scan the files upon accessing/opening?
Thanks,
Thanks,
-
-
No, but there is a way to do it without additional software.- Open Event Viewer
- Navigate to Applications and Services Logs\Microsoft\Windows\DriverFrameworks-UserMode
- Right-click Operational and click Enable Log
- Plug in your USB
- Refresh the logs and take note of the Event IDs under the “Pnp” category; mine are 2100, 2101, 2105, 2106
- Also take note of the letter drive of the USB; mine is F:
- Unplug your USB
- Refresh the logs and take note of the Event IDs under the “Pnp” category; mine are 2100, 2102
- In your desired directory, right-click → New → Text Document
- Enter the following in the text file
Code:@ echo off "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File F:\ Pause
- Replace the “F” with your USB drive letter and Save
- Back in the directory, click View and checkmark “File name extensions”
- Rename the file to USBScan.bat, or whatever you want it to be called, but it should have the .bat extension
- Open Task Scheduler
- Click Create Task
- Name it USB Scan or whatever you want
- Go to the Triggers tab and click New
- Change “Begin the task:” to “On an event”
- Under settings, click Custom and then New Event Filter…
- Under Event Level, change “Event logs:” to “Operational” by expanding Applications and Services Logs\Microsoft\Windows\DriverFrameworks-UserMode
- Change " to all non-overlapping Event IDs from steps 2 and 3; mine are 2101, 2105, 2106
- Click OK until you get back to the Create Task window, switch to the Actions tab
- Click Browse and find the batch file you created in step 4, Click OK and then OK again on the Create Task window
- Plug in your USB and wait for the cmd window to scan the USB.
-
I wanted to see if files were scanned upon accessing/opening them. I created a text file with the Eicar string on a USB & just as I’d saved the file Windows defender notified me of a virus, I clicked OK & then tried to open the file where Defender cleaned the ‘virus’. Tested also on a SD card with same results.Comment
-
Any more questions?Comment
-
Any updates for us? After 48 hrs this thread will be closed.Comment
-
I tested a USB by adding the Eicar test string to a text file & saving it to the USB, Windows Defender found it upon opening the file.
So can confirm WD is protecting files opened from a USB drive.
Thread can be closed as solved.Comment
-
Thanks for the update.Comment
Comment