Helping people with computers... one answer at a time.

Virus programs are designed to be run in Windows normal mode. If you are looking for a suspected virus, there is a better way.

I read somewhere that one should reboot into safe mode to run all of your anti-virus program scans. Is this the best way? I thought in Safe Mode, there were things that you could not access. So will the scans be able to completely go through all of the computer? Is it really worth it to do this extra step?

In this excerpt from Answercast #45, I look at the idea that you should boot into Safe Mode to run a virus scan. A third-party solution might do a better job.

Scan in Safe Mode

Is it worth it? It really depends on what it is you're facing. Most anti-virus programs are, in fact, written such that:

  • Running them normally without having to reboot in the Safe Mode is the correct way to run them;

  • And will usually allow them to do their job completely.

That's one of the reasons that you'll often need to install them as administrator at some point along the installation path. They will give you the 'UAC prompt,' indicating that they are requesting administrator privileges, to get into the system at a low enough level so they can access everything they need to access to try and keep your computer safe.

Already infected

Now, the admonition to actually use Safe Mode usually happens after you've been infected. In other words, when I've read folks describing how to go about cleaning up after a malware infection, one of the things they suggest is to reboot into safe mode.

Now, there's a couple of reasons for that:

  • One is that when you run in Safe Mode, some of the software that starts automatically does not;

  • It's one way to try and prevent malware from automatically starting when you reboot your machine.

You do have access to everything on your machine – as if you had booted it normally. But some software that may be interfering with your anti-virus program's ability to clean up may not run when you reboot in Safe Mode.

Safe Mode is not necessary

In reality, I never do it. That's probably the bottom line for me.

  • I have never run an anti-virus scan on an otherwise working machine in Safe Mode.

If I'm looking into a potentially infected machine, it might be one of the things I try. But in reality, if I'm already facing a machine that I know is infected, I'm much more likely to go out and get something like Windows Defender Offline (or some of the other anti-malware tools that come on CD or DVD) that you boot from instead of booting your computer normally.

  • That pretty much guarantees that anything your machine is infected with will not run because you didn't try to boot Windows at all.

  • You're booting from whatever operating system was provided on the bootable or live CD.

That's a much more effective way to get around the same problem if you are trying to track down a suspicious machine, or a machine suspected of being infected with some form of malware.

  • So, the short answer is, "Day-to-day? No. You don't have to do it."

Effective virus scans

Your anti-malware tools are designed not to require that. If you're fighting a particular malware infection, it certainly is something you can do.

  • It certainly doesn't hurt to do it.

  • In fact, it can in some cases allow anti-malware tools to delete things that they otherwise could not.

But, in general, if you're going down that path anyway, I personally much prefer to get something that you boot from instead of booting Windows at all.

Article C5714 - August 20, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

August 20, 2012 11:52 AM

The free anti-virus Avast has a function which allows you to do a full system scan just before Windows boot up. You can also choose to only scan all auto start programs.

August 21, 2012 9:29 AM

Only reason to do same would to me be rootkits..Although I do not think that safe mode is even safe enough. Usually as Leo says, just run most normally. But if prob's, run like in HitmanPro breach mode or whatever takes your fancy. Cutting down on running processes certainly helps to clean up malware. If serious a reboot is normally required.

August 24, 2012 4:21 PM

I have McAfee installed,and automatically in the updates gets Microsoft Security Essentials,can they co-exist and be used either way ? I also have Bit Defender they say is a different software and not interact with the others...... is this correct?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.