Ever wanted to have ConfigMgr 2012 R2 (SCCM) scan an offline machine for viruses? Look no further, Windows Defender Offline will help you.
To add Windows Defender Offline you do the following:
- Download Windows Defender Offline
- Download the latest definition updates
- Create a ConfigMgr package that contains Defender Offline
- Create a task sequence that runs the virus scan
Step 1 – Download Windows Defender Offline
Download the x64 version of the offline defender package and save it to a temporary location. I used C:\Tmp.
Step 2 – Download the latest definition updates
Download the latest definition updates, save them to C:\Tmp, and then rename mpam-fe.exe to mpam-fex64.exe.
Step 3 – Create a ConfigMgr package that contains offline defender
Get the needed files
- Create a source folder for your Offline Defender package. I used \\CM01\Sources\OSD\OfflineDefender in this example.
- Download the Run-WDO.wsf sample VBScript wrapper to \\CM01\Sources\OSD\OfflineDefender.
- Copy the ZTIUtility.vbs script from your MDT 2013 files package to \\CM01\Sources\OSD\OfflineDefender.
- Copy the mpam-fex64.exe file to \\CM01\Sources\OSD\OfflineDefender.
- Create a Sources subfolder in \\CM01\Sources\OSD\OfflineDefender.
- Using 7-Zip, extract the downloaded imagepackage64.exe to C:\Tmp.
- Using ImageX or DISM, mount the C:\Tmp\imagepackage64\sources\boot.wim file to a folder. I used C:\Tmp\Mount.
- Copy the contents of the C:\Tmp\Mount\Program Files\Microsoft Security Client folder to \\CM01\Sources\OSD\OfflineDefender\Sources, and then unmount the boot.wim file.
Create a standard ConfigMgr package named Offline Defender, with no program, and distribute the content.
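The file staging from the list in Step 3, as an added PowerShell example (not part of the original post) that also refuses to stage the two downloaded executables unless their Authenticode signatures validate. Assumptions: it runs elevated, 7-Zip is installed at the path shown, the archive root contains the sources folder, and the image to mount is index 1 of boot.wim; Run-WDO.wsf and ZTIUtility.vbs are still copied by hand.

```powershell
# Added example: stages the Offline Defender package source described in Step 3.
# Run from an elevated PowerShell prompt (mounting a WIM requires it).
$ErrorActionPreference = 'Stop'

$tmp      = 'C:\Tmp'
$pkgRoot  = '\\CM01\Sources\OSD\OfflineDefender'
$pkgSrc   = Join-Path $pkgRoot 'Sources'
$mount    = Join-Path $tmp 'Mount'
$sevenZip = 'C:\Program Files\7-Zip\7z.exe'   # assumed install location

# Refuse to stage downloaded binaries whose signature does not validate.
foreach ($file in 'imagepackage64.exe', 'mpam-fex64.exe') {
    $sig = Get-AuthenticodeSignature -FilePath (Join-Path $tmp $file)
    if ($sig.Status -ne 'Valid') {
        throw "$file signature status is $($sig.Status); not staging it."
    }
    Write-Host "$file signed by: $($sig.SignerCertificate.Subject)"
}

# Folder layout from Step 3, plus the renamed definition update.
New-Item -ItemType Directory -Force -Path $pkgRoot, $pkgSrc, $mount | Out-Null
Copy-Item -Path (Join-Path $tmp 'mpam-fex64.exe') -Destination $pkgRoot

# Extract the self-extracting package (assumes 'sources' sits at the archive root).
& $sevenZip x (Join-Path $tmp 'imagepackage64.exe') "-o$tmp\imagepackage64" -y
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# Mount boot.wim read-only (index 1 is an assumption), copy the
# Microsoft Security Client files, and always unmount afterwards.
$wim = Join-Path $tmp 'imagepackage64\sources\boot.wim'
Mount-WindowsImage -ImagePath $wim -Index 1 -Path $mount -ReadOnly | Out-Null
try {
    $client = Join-Path $mount 'Program Files\Microsoft Security Client\*'
    Copy-Item -Path $client -Destination $pkgSrc -Recurse -Force
}
finally {
    Dismount-WindowsImage -Path $mount -Discard | Out-Null
}
```

Check that the signer subject printed for each file is Microsoft before distributing the package content.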
Step 4 – Create a task sequence that runs the virus scan
As the final step, create a new ConfigMgr task sequence using the MDT custom template. I named my task sequence Run Offline Defender.
Keep the Gather and Use Toolkit action (not required, but in general useful to have), and remove the other actions.
Add a Run Command Line action that uses the Offline Defender package and has the following command line:
Deploy the new task sequence to a collection that contains the machines you want to scan.
PXE boot any of the machines, and select the Run Offline Defender task sequence.
Happy Deployment, Johan