Clearing Defender history after recent updates

Hi,

Up until recently, we were able to manually clear Windows Defender's detection history. The scriptable solution was to delete C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service folder. This served as a way to ensure any history of detections in the GUI were ones I hadn't looked at yet.

It seems that as of the last few days, this folder is protected by Defender and can't be removed. Things I've tried:

- Run a command window as SYSTEM

- Ensure Tamper Protection is disabled

- Various local policies to temporarily disable Defender

- Using sysinternals MoveFile to set a delete on reboot

You'll still get an Access Denied attempting to tamper with these files in any way, and for some reason the GUI option to clear history was removed. Any idea how to make a history look all clear would be appreciated.

Hi, Should always please star your OS.

Going to have to try the ones you did not mention : https://www.makeuseof.com/windows-microsoft-defender-clear-history/

Hi,

This has been experienced on both Windows 10 and 11 after last week's updates.

From that article: Option 1 is exactly the process described, it no longer works. Option 2 doesn't have anything to do with clearing the detection history, it works for clearing the event viewer which is unrelated. Options 3 and 4 are the same and allow you to schedule clears but don't let you clear anything manually. I'm guessing setting it to one day means you have to wait 24 hours because I've followed those processes about eight hours ago and the history hasn't cleared yet.

I may have discovered a workaround for this:

1. Install Malwarebytes and restart the computer.

2. Uninstall Malwarebytes but do not restart the computer immediately.

3. The Windows Security centre should show that the service is not active.

4. Delete all the files in C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service using File Explorer.

5. Restart the computer.

I hope this helps someone.

@cnfcomps  The problem of doing what you say is that instead of Defender as the A/V you have switched it to MBAM as it is a full fledged A/V program as well.

You need to follow the instructions below to have Defender back as the A/V and make exceptions as listed so that they can run together with no problems. :

https://www.howtogeek.com/230158/how-to-run-malwarebytes-alongside-another-antivirus/

(as do not run Defender) Might try this as a interface to bring out the hidden controls of Defender A/V : https://www.majorgeeks.com/files/details/configuredefender.html

& for the Firewall use WFC by a developer now working for MBAM (review with link to Interface for Control) :

https://www.makeuseof.com/windows-firewall-control-guide/

Not sure how helpful these are for cleaning but............

You can also use _AW_'s (Microsoft Answers Volunteer Moderator) DWDH tool to delete detection history....download, unzip, double-click on DWDH.exe to run and restart the computer when done.

• DWDH_2.0 direct download link

Do not know what is thought about this here @quietman7 but there is a new Windows Program : https://pcmanager.microsoft.com/en-us

PC Manager Microsoft's answer to CCleaner
 
While some features are useful, I have never been an advocate of programs which claim to boost, provide health checks and optimize Windows.
 
Microsoft’s Insane PC Manager App

I assume this is a Chinese language app that was translated into other languages, but I’m surprised that Microsoft would allow something this shoddily written to appear in public. But then I remembered the Windows Insider Blog and that we live in a new age....I strongly recommend ignoring this app.