Are Full Scan Reports archived?

I just ran a full scan.  It took over 6 hrs and I wanted to keep a log of what it found, how many files were scanned and what was done, but I couldn't see where to do that.  Are previous scan reports archived, or Is there a log kept somewhere?

Question Info

Last updated December 16, 2018 Views 2,049 Applies to:

The MpCmdRun.log file is a very readable resource for reviewing scheduled scans, updates and other events where the Command Line Utility is invoked by MSE itself.




However, this is an “internal events” log, which doesn’t include the results of manual scans (“Scan now” scans), context-menu scans, or command-line scans, and the MpCmdRun.log file doesn’t contain the wealth of information that’s available in the System Event Log:


1.) Open Event Viewer by typing “eventvwr” (or just “event”) in the search box and hitting the “Enter” key.


2.) Expand “Windows Logs” and click on the “System” folder.


3.) Click on the “Filter Current Log…” option in the “Actions” pane or “Action” menu.


4.) Select “Microsoft Antimalware” as the Event source and enter the relevant Event IDs from the list below, separated by a comma.


5.) Click on “Save Filter to Custom View” and name the Custom View.


The next time you open Event Viewer, simply expand “Custom Views” and click on the desired Custom View.


Partial list of MSE System Events:


1000 – Scan started

1001 – Scan completed

1002 – Scan stopped (canceled)

1005 – Scan terminated due to error

1011 – Item deleted from quarantine

1013 – History removed

1116 – Malware detection

1117 – Malware remediation

1118 – Malware remediation error (non-critical) [not confirmed]

1119 – Malware remediation error (critical)

2000 – Successful update

2001 – Failed update

2002 – Engine update

2010 – Dynamic Signature Service retrieved additional signatures

2011 – Dynamic Signature Service discarded obsolete signatures

3002 – Real-time protection failure: behavior monitoring

5000 – Real-time protection enabled

5001 – Real-time protection disabled

5004 – Real-time protection configuration changed

5007 – Configuration changed


Windows 7 also gives us the option to save a filtered log as a text file (“Save Filtered Log File As…” or “Save All Events in Cust…”).





1 person was helped by this reply


Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.