How to Use Microsoft Defender Full Scan: A Step-by-Step Guide

Written by: Abigail Ivy
Published on:

How to Use Microsoft Defender Full Scan

Microsoft Defender Antivirus is built into Windows 10 and Windows 11 and provides real-time protection against viruses, spyware, ransomware, and other malware.

A full scan goes beyond quick checks and examines more of your system, making it a practical way to verify whether hidden threats are present.

If you want to understand how to use Microsoft Defender full scan correctly, it helps to know when to run it, what it does differently from other scan types, and how to handle any issues that appear during the process.

What a Microsoft Defender full scan checks

A full scan searches your computer’s files, running processes, startup items, and many common locations where malware can hide.

Compared with a quick scan, it is more thorough and can take much longer depending on your storage size and system activity.

During a full scan, Microsoft Defender can detect a range of threats, including:

  • Viruses and worms
  • Trojan horses and backdoors
  • Spyware and adware
  • Ransomware and malicious scripts
  • Potentially unwanted applications, depending on your settings

It is not a forensic tool and will not replace deeper endpoint security solutions in enterprise environments, but for most home users it is an important built-in defense layer.

When should you run a full scan?

Use a full scan when you want more confidence than a quick scan provides.

Common situations include noticeable slowdowns, pop-up ads, browser hijacking, unexpected crashes, or after opening a suspicious attachment or downloading software from an unfamiliar source.

A full scan is also useful if you have just disabled another antivirus product, installed Windows updates, or want a periodic health check on a machine that stores sensitive data.

How to use Microsoft Defender full scan in Windows Security

On Windows 10 and Windows 11, the most direct way to start a full scan is through the Windows Security app.

  1. Open Start and search for Windows Security.
  2. Open the app and select Virus & threat protection.
  3. Under Current threats, select Scan options.
  4. Choose Full scan.
  5. Select Scan now.

Microsoft Defender will begin scanning the system and may continue working in the background while you use the computer.

For best results, avoid heavy tasks during the scan so the process can complete faster.

What to expect during the scan

A full scan may take anywhere from several minutes to more than an hour.

The time depends on factors such as CPU speed, drive type, the number of files stored on the device, and whether the system is scanning large archives or compressed files.

You can usually keep using the computer, but performance may feel slower because Defender is actively reading files and checking them against malware definitions and behavioral indicators.

If your device is on battery, connect it to power before starting a long scan.

What happens after Microsoft Defender finds a threat?

If Defender detects an item during the scan, it will typically recommend one of several actions: quarantine, remove, or allow.

In most cases, the safest choice is to let Defender quarantine or remove the threat unless you are certain the file is safe and flagged incorrectly.

After the scan, review the Protection history section in Windows Security to see details about detected items, actions taken, and any items that need attention.

This area is useful for confirming whether the threat was contained.

How to schedule or automate full scans?

Windows Security does not always make full-scan scheduling obvious in the main interface, but Microsoft Defender is managed by Windows Task Scheduler and enterprise policy settings behind the scenes.

For individual users, the most practical approach is to run a full scan manually on a regular basis.

If you need recurring scans, you can create a scheduled task or use Microsoft management tools in business environments, such as Microsoft Intune, Group Policy, or Microsoft Defender for Endpoint.

Those tools allow administrators to standardize scan timing across many devices.

How to run a full scan from PowerShell or Command Prompt?

Advanced users can start a Microsoft Defender full scan with built-in command-line tools.

This is helpful for automation or remote administration.

Open PowerShell as an administrator and run:

Start-MpScan -ScanType FullScan

You can also use Windows PowerShell to check Defender status before scanning with commands such as Get-MpComputerStatus.

These tools are part of Microsoft Defender’s PowerShell module and are commonly used by IT administrators.

How to improve full scan results

A full scan is more effective when Microsoft Defender definitions are current and your system is in good working order.

Before scanning, update Windows Security definitions and install pending Windows updates if possible.

  • Keep Microsoft Defender antivirus and antimalware definitions current
  • Close unnecessary apps to reduce system load
  • Free up disk space if the drive is nearly full
  • Restart the PC if it has not been rebooted recently
  • Disconnect from unfamiliar USB drives or external media unless needed

If you suspect a stubborn infection, booting into Safe Mode with Networking and running a scan can sometimes reduce the malware’s ability to interfere with Defender.

What if the full scan is stuck or will not start?

Occasionally, users find that a scan appears frozen, takes unusually long, or fails to launch.

This can happen because of outdated security intelligence, conflicts with another antivirus program, or corrupted system files.

Try these steps:

  • Restart the computer and try again
  • Update Microsoft Defender definitions
  • Check whether another antivirus product is installed
  • Run sfc /scannow from an elevated Command Prompt if system files may be damaged
  • Use the Microsoft Defender Offline scan if malware is blocking normal scanning

If Windows Security shows a warning that another antivirus is active, Defender may be in passive mode, which can limit some scan actions.

In that case, resolve the conflict or use the installed security product’s own scan feature.

Should you use full scan, quick scan, or offline scan?

Each scan type serves a different purpose.

A quick scan checks common infection points and is ideal for routine use.

A full scan is broader and better for suspected infections or periodic checks.

An offline scan restarts the computer and scans before Windows fully loads, which can help remove persistent malware.

  • Quick scan: Fast, routine check
  • Full scan: Thorough scan of the system
  • Offline scan: Best for hard-to-remove threats

For most users, the best approach is to use quick scans regularly and full scans when there is a specific reason to investigate the system more deeply.

How to use Microsoft Defender full scan on a regular security routine

A strong Windows security routine includes more than just one scan type.

Keep Windows updated, use a standard user account for daily work, avoid downloading unknown software, and review protection alerts when they appear.

Microsoft Defender works best as part of that layered approach.

If your device handles work files, financial data, or personal records, a monthly full scan is a sensible baseline.

If you notice suspicious behavior, run one immediately and follow up with the Protection history view to confirm the outcome.