Windows Defender Offline and WinRE

By default I always use “reagentc /disable” so users with local administrative rights don’t do a reset of their whole computer. With Windows 10 1703 now out and Defender’s Offline scan a bit more obvious in the Security Center, I noticed it wasn’t working at all.

Advanced scans

I hadn’t realized that everything is tied together with Windows RE. My current option seems to be just having a PowerShell script to quickly run “reagentc /enable; Start-MpWDOScan” and manually running “reagentc /disable” after it starts back up.
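
One way to take the manual "reagentc /disable" step out of that workflow, as an added example that is not part of the original post: the script registers a one-shot startup task that disables Windows RE again after the scan reboots back into Windows. It assumes an elevated session; the task name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
$TaskName = 'DisableWinREAfterOfflineScan'   # hypothetical name; no spaces, so no quoting needed

# The offline scan boots into Windows RE, so it has to be enabled first.
& reagentc.exe /enable | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reagentc /enable failed (exit code $LASTEXITCODE); offline scan not started."
}

try {
    # One-shot startup task running as SYSTEM: disable Windows RE again, then delete itself.
    $action = New-ScheduledTaskAction -Execute 'cmd.exe' `
        -Argument "/c reagentc.exe /disable & schtasks.exe /Delete /TN $TaskName /F"
    $trigger   = New-ScheduledTaskTrigger -AtStartup
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Force -ErrorAction Stop | Out-Null

    # Schedules the offline scan and restarts the machine into Windows RE.
    Start-MpWDOScan -ErrorAction Stop
}
catch {
    # If the scan could not be started, do not leave Windows RE enabled or the task behind.
    Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false -ErrorAction SilentlyContinue
    & reagentc.exe /disable | Out-Null
    throw
}
```

After the machine is back in Windows, "reagentc /info" shows whether Windows RE ended up disabled again.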