Safe Mode

Safe Mode

What is Safe Mode?

Basically, Windows “Safe Mode” is a boot option that loads only the most basic drivers needed for Windows to run at all.

There are a few different sets of drivers that can be loaded, depending on which kind of “Safe Mode” you select to be started.

The one we will usually choose to fight off malware is the “Safe Mode with Networking” option, since that will allow us to download and update the tools we need.

 

When and why is it useful?

Running your computer in “Safe Mode” can be very convenient for trouble-shooting, because the limited number of startups often eliminates the reason for the computer to malfunction.

Since only the bare essentials start up in “Safe Mode”, there are hardly any reasons for conflicts to occur.  With trouble-shooting in this context, we obviously include removing malware that hinders the normal use of programs when Windows is fully loaded.

Although some types of malware (e.g. rootkits) are able to run in “Safe Mode”, most will not. So “Safe Mode” gives you the opportunity to remove malware with less of a struggle.

msconfig

Safe boot options from msconfig

 

How do I get there?

The preferred, but not always available way to boot to “Safe Mode” is by using msconfig. After running msconfig you can find the “Safe boot” options under the “Boot” tab. Once you have made your changes click “Apply” and “OK”. Then you should see a prompt like this one.

restart

Restart prompt

The other method involves tapping the F8 key during boot (for Windows 8 while pressing the Shift key). If successful you will be shown a menu including these options.

 

F8bootmenu

The Safe Mode menu after using F8 during boot

As mentioned earlier. When you are fighting malware you will usually want the “Safe Mode with Networking” option. Select the one you want and hit “Enter”.

Why is it not “safe”?

Despite the name, “Safe Mode” is not very safe. In fact, you are probably safer in normal mode.

Active protection software, like for example your anti-virus and Malwarebytes Anti-Malware will not be running in “Safe Mode” and the only software firewall that works is the built-in Windows firewall, if enabled and only in the “Safe Mode with Networking” mode, obviously.

So my advice would be to use it only if necessary and then get back to normal as soon as possible. If you used the msconfig method to reboot into “Safe Mode” you will have to use msconfig to uncheck the “Safe boot” option and reboot to get back in normal mode,

Summary

This post tries to explain what safe mode is, when you could need it and why it is not recommended to use it for other reasons.

Recommended reading:

More elaborate explanation on how to get into safe mode, also for older Windows versions: Computerhope

Article about which drivers get loaded in safe mode by Microsoft

Basic instructions on how to use Malwarebytes Anti-Malware in safe mode

If you came here because your computer automatically booted into safe mode, read this article at Howstuffworks.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.