Cannot Clear Full History In Windows Defender

Had a virus come in with a download: SoftwareBundler:Win32/ICLoader.D  some weeks ago.

Not a problem - Defender caught it - either I or Defender removed the relevant files - I forget which - including from Recycle Bin.

In any event, having done many scans since, results always show no threats found.

If I select "Scan History" I see "No Current Threats". Under Quarantined Threats or Allowed Threats, I select "See Full History" and I always get one item.  I click Clear History, get prompted for an admin acct password, the list appears to disappear, then re-appears - link a "blink". 

Once in a dozen times, the interface dies.  Have rebooted many times.  Have tried clearing from an admin acct directly.  Results are always the same.

Scans are show not threats.  System behaves normally.  

Tempted to look for where the Defender history is kept - have not found it in Registry.  I do not want to take ownership of system files/folders to go poking around.  Windows 10 makes it very hard for somebody to help themselves or even to learn without risking their system's integrity.

 

Question Info


Last updated April 13, 2019 Views 8,498 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

I'm neither using Windows 10 nor Windows Defender but I guess your issue has something to do with a bug which I thought was fixed with recent updates...

Please see here

Perhaps that helps....

===

If Windows Defender keeps on being troublesome, you might want to look for another Anti-Virus program...

Suggestion to read:

https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

and perhaps also the entire article...

May 4, 2018: I won't participate anymore in MC. Enough is enough.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

We have a brand new Antimalware Engine that appears to correct the issue with the History tab in the classic Windows Defender UI, and it’s possible that this will also resolve your issue with the Full History page in the Windows Defender Security Center app. The only issue that I’ve noticed with the Full History page is that when I view the details and then exit and click on “See full history” a second or third time, it frequently crashes the interface. My bug report for the issue is being ignored as usual, but I’ll be rechecking that issue shortly.

Of course now that the issue with the History tab in the old interface is resolved, you should be able to use the old UI to clear the history if you still have the issue in the Windows Defender Security Center. The history data container for the UI might be hard to find, but you can always check the Windows Defender Operational log for malware detection and remediation events:

Right-click on the Start button and choose Event Viewer. Then navigate to:

Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational:

Click on Filter Current Log… in the Actions pane and enter “1116, 1117, 1119” for the Event IDs.

1116 – Threat detection

1117 – Threat remediation

1119 – Remediation failure

Then, optionally, click on Save Filtered Log File As… and save the log file to your desktop as a tab delimited text (*.txt) file.

Or we can get the History data directly from the container:

Right-click on the Start button and select Windows PowerShell, and then copy, paste, and enter this command at the prompt:

Get-MpThreatDetection

This will list the details for all of the detections logged in the Full History page, and won’t return a result when all of the entries have been cleared. By default, a threat detection will be cleared automatically after 15 days, but you can specify a different delay period (in days) by running this command at the Administrator PowerShell Prompt:

 

Set-MpPreference -ScanPurgeItemsAfterDelay 30

 

Or you can turn off the automatic clearing of detections by specifying a value of 0:

 

Set-MpPreference -ScanPurgeItemsAfterDelay 0

GreginMich

7 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I fired up the old GUI - never knew it was still available until the post from Jsssss.... - did not see any historical items lingering - did a hard shutdown and after the reboot the new UI showed no remaining history.

Thank you all.  It is disconcerting when your malware protection software is mis-behaving so I like to keep things tidy.

Cheers,

Michel

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

You're welcome, Michel.

Glad to have helped a bit...

Cheers,

Julia

May 4, 2018: I won't participate anymore in MC. Enough is enough.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I’m still seeing the Windows Defender Security Center app crash when I try to open the Full History page a second time, after viewing the details on the page – so  I’m not sure that your issue has actually been resolved. If you’re up to it, you can check by adding a test detection to the Full History page – just attempt to download the eicar.com test file here:

http://www.eicar.org/85-0-Download.html

If the issue persists, then you might be able to work around it by turning off Privacy Mode:

Set-MpPreference -DisablePrivacyMode $True

GreginMich

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I am sure you are right.  All I did was exploit the old UI to clear the log.  Since others are having similar problems, there must be something wrong with the new UI when the logged info is in some state which is manageable by the old UI.  At least, I can clear the log using the old UI. 

I am not that concerned about the fundamental integrity of Defender since this issue seems to be UI related.  So far it has worked well enough for me compared to the more intrusive malware protection alternatives.  Eventually MS will get around to fixing the issue. At least there is a workaround.  There are other issues with more day-to-day consequences that warrant more attention.

Thanks again for the insights.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

You’re entirely welcome, Michel. There were a few people who thought that the issue with the classic Defender UI should be ignored because the replacement has already arrived. But some important features, like status reporting for third-party AV apps, were only included in the second version of the Windows Defender Security Center app (the current version) – and I’m sure that some new features and bug fixes will be included in the next iteration. So I’ve repeatedly made the point that the new Windows Defender Security Center app hasn’t actually arrived – it’s still in the process of arrival. And that’s why we wanted the issue with the classic UI fixed – so we could fall back on a stable UI when things went wrong with the one under development.

GreginMich

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Set-MpPreference : You don't have enough permissions to perform the requested operation.
At line:1 char:1
+ Set-MpPreference -DisablePrivacyMode $True
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
   CimException
    + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference

this problem occurs

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Sorry, I omitted the instruction line:

 

Right-click on the Start button and select Windows PowerShell (Admin), and then copy, paste, and enter this command:

 

Set-MpPreference -DisablePrivacyMode $True

 

I had this same problem with clearing the Full History page in the Windows Defender Security Center app the other day, and I found that the History tab in the classic Defender UI had been properly cleared, and that turning off Privacy Mode didn’t help. But after another detection of the eicar test file, I was able to clear the Full History page.

 

 

GreginMich

 

 

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Sorry, I omitted the instruction line:

Right-click on the Start button and select Windows PowerShell (Admin), and then copy, paste, and enter this command:

Set-MpPreference -DisablePrivacyMode $True

I had this same problem with clearing the Full History page in the Windows Defender Security Center app the other day, and I found that the History tab in the classic Defender UI had been properly cleared, and that turning off Privacy Mode didn’t help. But after another detection of the eicar test file, I was able to clear the Full History page.

GreginMich

It Worked.. Thanx! But Shall I enable the privacy mode $False or let it be as it is....

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.