Windows 10 and later have "Microsoft Defender Antivirus Offline Scan", which can remove some malware that cannot be removed without restarting Windows. First, you click on the "Scan Options":
Then you select "Microsoft Defender Antivirus (offline scan)", and click "Scan now":
Windows will then prompt you to confirm, and restart Windows.
But after migrating Windows to a larger SSD, somehow I lost the recovery partition on my boot drive, and after getting prompted to restart Windows, Windows did not actually restart.
Then I found online that when the recovery partition is not present, this feature will not work. So I started to restore the recovery partition on my boot drive.
First I ran "reagentc /info" on the command line, and confirmed that "Windows RE" was disabled:
Then I confirmed that "Windows RE" could not be simply enabled by running "reagentc /enable":
After that, I started to re-create the recovery partition.
1. In the Windows Disk Management tool, I shrank the main Windows partition to make room at the end of the disk to create a new partition:
The partition size was set to 1024MB, or 1GB. A simple volume was created, and a drive letter "R" was temporarily assigned. Then I created the directory "R:\Recovery\WindowsRE".
2. I mounted the Windows installation ISO file as drive "F". I then used the following command to list all the Windows images available:
dism /Get-WimInfo /WimFile:F:\sources\install.wim
I then picked the index in the result list that matched my installation, created a directory "C:\Mount", and then ran
dism /Mount-Wim /WimFile:F:\sources\install.wim /Index:<IndexNumber> /MountDir:C:\Mount /ReadOnly
3. I then copied the hidden, protected operating system file "C:\Mount\Windows\System32\Recovery\Winre.wim" into "R:\Recovery\WindowsRE" as well as "C:\Windows\System32\Recovery".
4. I then unmounted the image:
dism /Unmount-Wim /MountDir:C:\Mount /Discard
5. Then I ran the following:
reagentc /setreimage /path R:\Recovery\WindowsRE
reagentc /enable
6. At this point, Windows RE has been enabled:
7. The drive letter "R" was removed.
8. Finally, to turn the new partition into a recovery partition, I used "diskpart":
diskpart
list disk
select disk <DiskNumber> (replace <DiskNumber> with the number of your disk)
list partition
select partition <PartitionNumber> (replace <PartitionNumber> with the number of the recovery partition)
set id=27 override ("set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac override" for GPT drive)
After that, the "Microsoft Defender Antivirus Offline Scan" is working again.
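The following PowerShell check is an added example, not part of the original post. It reads the "reagentc /info" output and confirms that the partition Windows RE points to carries the recovery type id from step 8 and no longer has a drive letter. The function name Test-WinREPartition is hypothetical, and the script assumes English reagentc output and that the harddisk/partition numbers in the Windows RE location match those used by Get-Disk and Get-Partition.

```powershell
# Added example: read-only check of the result. Run from an elevated prompt.
# Assumption: reagentc prints English field names ("Windows RE status").
$RecoveryGptType = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'  # GPT id from step 8
$RecoveryMbrType = 0x27                                      # MBR id from step 8

function Test-WinREPartition {
    $info = (reagentc /info) -join "`n"
    $enabled = $info -match 'Windows RE status:\s+Enabled'

    # The location line looks like
    # \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    # and is empty while Windows RE is disabled.
    if (-not ($info -match 'harddisk(\d+)\\partition(\d+)')) {
        return [pscustomobject]@{
            Enabled = $enabled
            Ok      = $false
            Detail  = 'No Windows RE location reported by reagentc /info'
        }
    }
    $diskNo = [int]$Matches[1]
    $partNo = [int]$Matches[2]

    # Assumption: these numbers match Get-Disk / Get-Partition numbering.
    $disk = Get-Disk -Number $diskNo
    $part = Get-Partition -DiskNumber $diskNo -PartitionNumber $partNo

    # Compare against the id that matches the disk's partition style.
    if ($disk.PartitionStyle -eq 'GPT') {
        $typeOk = $part.GptType -eq $RecoveryGptType
    } else {
        $typeOk = $part.MbrType -eq $RecoveryMbrType
    }
    # Step 7 removed the temporary letter "R"; any letter here means it is still mounted.
    $hasLetter = "$($part.DriveLetter)" -match '[A-Za-z]'

    [pscustomobject]@{
        Enabled            = $enabled
        Disk               = $diskNo
        Partition          = $partNo
        RecoveryType       = $typeOk
        DriveLetterRemoved = (-not $hasLetter)
        Ok                 = ($enabled -and $typeOk -and (-not $hasLetter))
    }
}

Test-WinREPartition | Format-List
```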
Disclaimer and Caution: Be very careful with "diskpart" and the Windows Disk Management tool! Serious data loss could occur if you execute anything incorrectly!