Hello all, I’ve moved from Norton to test out WD & would like to know whether Defender automatically scans USB devices upon connecting or will auto scan the files upon accessing/opening?
Thanks,
Thanks,
Solved Windows Defender & scanning USBs/external drives.
- Thread starter Bastet
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
L
lkjk
No, but there is a way to do it without additional software.
1. Open Event Viewer
- Navigate to Applications and Services Logs\Microsoft\Windows\DriverFrameworks-UserMode
- Right-click Operational and click Enable Log
2. Plug in your USB
- Refresh the logs and take note of the Event IDs under the "Pnp" category; mine are 2100, 2101, 2105, 2106
- Also take note of the letter drive of the USB; mine is F:
3. Unplug your USB
- Refresh the logs and take note of the Event IDs under the "Pnp" category; mine are 2100, 2102
4. In your desired directory, right-click -> New -> Text Document
- Enter the following in the text file
- Replace the "F" with your USB drive letter and Save
- Back in the directory, click View and checkmark "File name extensions"
- Rename the file to USBScan.bat, or whatever you want it to be called, but it should have the .bat extension
5. Open Task Scheduler
- Click Create Task
- Name it USB Scan or whatever you want
- Go to the Triggers tab and click New
- Change "Begin the task:" to "On an event"
- Under settings, click Custom and then New Event Filter...
- Under Event Level, change "Event logs:" to "Operational" by expanding Applications and Services Logs\Microsoft\Windows\DriverFrameworks-UserMode
- Change "<All Event IDs> to all non-overlapping Event IDs from steps 2 and 3; mine are 2101, 2105, 2106
- Click OK until you get back to the Create Task window, switch to the Actions tab
- Click Browse and find the batch file you created in step 4, Click OK and then OK again on the Create Task window
6. Plug in your USB and wait for the cmd window to scan the USB.
1. Open Event Viewer
- Navigate to Applications and Services Logs\Microsoft\Windows\DriverFrameworks-UserMode
- Right-click Operational and click Enable Log
2. Plug in your USB
- Refresh the logs and take note of the Event IDs under the "Pnp" category; mine are 2100, 2101, 2105, 2106
- Also take note of the letter drive of the USB; mine is F:
3. Unplug your USB
- Refresh the logs and take note of the Event IDs under the "Pnp" category; mine are 2100, 2102
4. In your desired directory, right-click -> New -> Text Document
- Enter the following in the text file
Code:
@ echo off
"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File F:\
Pause- Back in the directory, click View and checkmark "File name extensions"
- Rename the file to USBScan.bat, or whatever you want it to be called, but it should have the .bat extension
5. Open Task Scheduler
- Click Create Task
- Name it USB Scan or whatever you want
- Go to the Triggers tab and click New
- Change "Begin the task:" to "On an event"
- Under settings, click Custom and then New Event Filter...
- Under Event Level, change "Event logs:" to "Operational" by expanding Applications and Services Logs\Microsoft\Windows\DriverFrameworks-UserMode
- Change "<All Event IDs> to all non-overlapping Event IDs from steps 2 and 3; mine are 2101, 2105, 2106
- Click OK until you get back to the Create Task window, switch to the Actions tab
- Click Browse and find the batch file you created in step 4, Click OK and then OK again on the Create Task window
6. Plug in your USB and wait for the cmd window to scan the USB.
I wanted to see if files were scanned upon accessing/opening them. I created a text file with the Eicar string on a USB & just as I’d saved the file Windows defender notified me of a virus, I clicked OK & then tried to open the file where Defender cleaned the ‘virus’. Tested also on a SD card with same results.
- Status