Fix Defender Offline Scan Refusing to Reboot Into the Scan Environment on Windows 11

You click “Scan offline” in Windows Security, your PC restarts, but instead of the blue Microsoft Defender Offline environment, Windows 11 boots back to the desktop or a black screen. This leaves your system unprotected against persistent malware that standard scans cannot remove. The issue typically occurs when Windows Boot Manager is configured incorrectly, the BCD store is corrupted, or third-party security software interferes with the boot sequence. This article explains the root cause and provides six methods to force the offline scan to start.

Why Windows 11 Refuses to Boot Into the Defender Offline Scan Environment

The Microsoft Defender Offline scan runs from a minimal Windows Preinstallation Environment that loads before the main OS. When Windows 11 detects a boot failure from a previous restart, the Boot Manager sets a flag that prevents loading non-standard environments like the offline scanner. This is a safety feature designed to avoid boot loops. Three common triggers exist:

First, an interrupted or failed previous offline scan leaves a “boot failure” status in the Boot Configuration Data store. Second, third-party antivirus software hooks into the boot process and blocks the Defender boot loader. Third, Fast Startup in Windows 11 writes a hibernation file that the offline environment cannot read, causing it to abort and fall back to the normal boot path.

The BCD store contains an entry that points to the boot.wim file of the offline scan. If that entry is missing or points to a corrupted file, the boot manager skips it and loads the default OS entry. The methods below address each of these root causes.

Steps to Force the Defender Offline Scan to Start

Use these methods in order. Test the scan after each method before moving to the next.

Method 1: Disable Boot Failure Detection via Command Prompt

1. Open Command Prompt as Administrator
   Press the Windows key, type “cmd”, right-click Command Prompt in the results, and select “Run as administrator”. Click Yes in the User Account Control prompt.
2. Disable automatic failover on boot failure
   Type the following command and press Enter:
   bcdedit /set {default} recoveryenabled No
   This tells Windows not to attempt a recovery boot after a failed startup.
3. Set boot status policy to ignore all failures
   Type the following command and press Enter:
   bcdedit /set {default} bootstatuspolicy ignoreallfailures
   This prevents the Boot Manager from recording a boot failure flag that blocks the offline environment.
4. Close Command Prompt and restart
   Type exit and press Enter. Open Windows Security, go to Virus & threat protection > Scan options, select Microsoft Defender Offline Scan, and click Scan now.

Method 2: Disable Fast Startup

1. Open Power Options
   Press Windows key + R, type powercfg.cpl, and press Enter.
2. Open system settings for power buttons
   Click “Choose what the power buttons do” in the left sidebar.
3. Unlock the shutdown settings
   Click “Change settings that are currently unavailable” at the top of the window.
4. Uncheck Fast Startup
   Scroll to the Shutdown settings section, uncheck “Turn on fast startup (recommended)”, and click “Save changes”.
5. Restart and test the scan
   Shut down Windows completely. Power on the PC and immediately run the Defender Offline Scan from Windows Security.

Method 3: Repair the BCD Store

1. Boot from a Windows 11 installation media
   Insert a USB drive or DVD with Windows 11 setup. Boot from the media and select your language. Click “Next”, then click “Repair your computer” in the lower-left corner.
2. Open Command Prompt from Recovery
   Go to Troubleshoot > Advanced options > Command Prompt.
3. Rebuild the BCD store
   Type the following commands, pressing Enter after each:
   bootrec /scanos
bootrec /rebuildbcd
   When prompted, type Y to add the installation to the boot list.
4. Exit and restart
   Type exit, remove the installation media, and restart. Test the offline scan.

Method 4: Use the Offline Scan via Windows Recovery Environment

1. Boot into Windows Recovery Environment
   Press and hold the Shift key while clicking Restart from the Start menu. Wait for the blue recovery screen.
2. Navigate to the offline scan option
   Click Troubleshoot > Advanced options > Startup Settings > Restart. After the PC restarts, press 4 or F4 to enable Safe Mode.
3. Run the offline scan from Safe Mode
   Once in Safe Mode, open Windows Security, navigate to Virus & threat protection > Scan options, and select Microsoft Defender Offline Scan. Click Scan now.

Method 5: Temporarily Uninstall Third-Party Antivirus

1. Open Settings
   Press Windows key + I.
2. Go to Apps > Installed apps
   Scroll to find your third-party antivirus software. Click the three dots next to it and select Uninstall. Follow the on-screen prompts.
3. Restart and test the scan
   After the uninstall completes, restart Windows 11. Run the Defender Offline Scan immediately. If it works, reinstall your third-party antivirus and configure it to not interfere with Windows Security.

Method 6: Use the Microsoft Safety Scanner as a Fallback

1. Download the Microsoft Safety Scanner
   Go to the official Microsoft download page for the Safety Scanner. Download the 64-bit version for Windows 11.
2. Run the scanner
   Right-click the downloaded file and select “Run as administrator”. Accept the license terms. Choose a scan type: Quick scan, Full scan, or Custom scan. A Full scan is recommended for persistent threats.
3. Review and remove threats
   After the scan finishes, review the detected items and click “Clean” to remove them. The Safety Scanner does not require a reboot to the offline environment.

If Defender Offline Scan Still Refuses to Reboot

“Scan offline” button is grayed out

This occurs when Windows Security cannot verify that the boot configuration is intact. Open an elevated Command Prompt and run sfc /scannow to repair system files. Then run DISM /Online /Cleanup-Image /RestoreHealth. Restart and check the button again.

PC boots to black screen instead of the scan environment

A black screen indicates the boot.wim file for Defender Offline is corrupted or missing. Use the Windows 11 installation media method described in Method 3 to repair the BCD store. If that fails, perform a repair upgrade using the installation media by selecting “Keep personal files and apps”.

Offline scan runs but never completes

This points to a hardware issue, such as failing RAM or a corrupted hard drive. Run the Windows Memory Diagnostic tool: press Windows key + R, type mdsched.exe, and press Enter. Choose “Restart now and check for problems”. Also run chkdsk C: /f from an elevated Command Prompt to scan for disk errors.

Defender Offline Scan vs Microsoft Safety Scanner: When to Use Each

Item	Defender Offline Scan	Microsoft Safety Scanner
Boot environment	Runs from a pre-boot environment before Windows loads	Runs within the normal Windows environment
Malware detection	Can detect rootkits and boot-sector malware	Cannot detect malware that loads before Windows
Reboot required	Yes, the PC restarts into the scan environment	No, runs while Windows is running
Scan duration	Typically 15 to 30 minutes	Full scan can take 1 to 2 hours
Removal capability	Removes threats automatically during the scan	Requires user confirmation to clean each threat
Availability	Built into Windows Security on Windows 11	Separate download from Microsoft, valid for 10 days

You now have six methods to force the Defender Offline Scan to boot on Windows 11. Start with the BCD edit commands in Method 1 because they address the most common cause of the refusal. If that fails, disable Fast Startup and test again. As a final option, use the Microsoft Safety Scanner to perform a deep scan without relying on the offline boot environment. After the scan completes, re-enable Fast Startup through Power Options if you prefer faster boot times.