Windows Defender Identifies The SAME PUP As A Threat Repeatedly

Hey Glen....thank you for your reply. I appreciate it very much. I'm glad you knew exactly what I trying to do. You're right. It didn't dawn on me that it did start happening after the 2004 Windows 10 upgrade. Unfortunately your suggestion did not fix the problem. After I follow your instructions I ran a quick scan so Windows Security would eliminate the  PUP thread but no luck. It still reappear on the Virus & thread protection tap. Showing as current threats found and wanting to start the recommended action. 

I hope Microsoft fixes this glitch soon. Anymore suggestion you have I'll gladly appreciate it. Again thank you for your reply. Hope to hear from you soon.  Take care.

Regards

Pedro Jimenez III

Hi Pedro,

I am sorry to hear that it did not work for you.

Will you do a test for me, to assure that the Exclusion was properly executed?

Please open WindowsPowerShell Admin, by right-clicking "Start" and selecting it.

On the PowerShell screen, type the following cmdlets, each followed by  <enter>

$Preferences = Get-MpPreference     <enter>

$Preferences.ExclusionPath     <enter>

You should see the exclusions that you have set, for Windows Defender.

And you should see C:\Program Data\Microsoft\Windows Defender\Scans\History

When satisfied, type Exit   <enter>  To close PowerShell. If you saw the above, please

let me know.  If not, please execute the Exclusion process again.

Thanks,  Glen

Thanks Glen for you assistance. I really appreciate it. I did what you suggested with Powershell and it does show all the exclusions. Including the one I set for Windows Defender. I notice I had enter the wrong path and chosen wrong folder. I don't know why but I chose the scan folder twice.(...scan/scan/history). I've remove it and added the correct one. Unfortunately its still doing the same thing.  Let me know if anything else you want me to try. Stay safe.

Pedro Jimenez III

Hi Pedro,

Would you please observe Windows Defender Protection History to see if there is

still a reference to your PUP.

Thanks,  Glen

Hi Pedro,

After re-examining the article in Microsoft's DOCS, regarding exclusions, I discovered

that exclusions do not function for "On Demand Scans"

"The exclusions only apply to always-on real-time protection and monitoring. They don't apply to scheduled or on-demand scans."   Quoted from DOCS.     (I don't understand the logic)!

That being the case, in order to eliminate the repeated notifications from the PUP, it may be necessary to delete its entry from the "History", manually. Really not desirable, as it will require

a repeat of that action for subsequent PUPs.     Unless...

Only if the "Exclusion" for the "History Log" is applied when the next PUP is detected, in Real

Time, will the exclusion do any good.    We have to wait and see.   Seems doubtful.

Meanwhile, you should be able to eliminate this current notification by deleting its "History".

Navigate through Explorer as follows.

C:\Program Data\Microsoft\Windows Defender\Scans\(you may have to click "Continue"

to proceed past Scans) \History\Service.  Open each of the folders in "Service" to find

any reference to your PUP.  Delete that one. I don't have a PUP entry, so I cannot define it any closer.

Please let me know how this works out.    Glen

PS;

An OP posted this screenshot. He is having your same problem.

Do you see this in Scan Options when you Scan and get the repeat PUP notification?

  

If you do, have you ever tried to select "Quarantine" instead of "Remove". 

Perhaps if it is Quarantined, Windows Defender will no longer consider it.

Assuming "Remove" just isn't doing the job!!

Please give this a try and let me know if it helped.   Thanks,  Glen

Hey Glen, Good afternoon. Thanks you for all your help. I really appreciate it. Just let you know your last suggestion WORKED! I followed your instructions and navigated as follow: C:\Program Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory. I check each folder and found the 2 that always appear as current threats. I deleted them and ran a quick scan and no more PUPs. Thanks very much Glen. You're a Hero, Life saver and an Angel. You don't know how much time I spend online researching for a solution to this annoying threat messages.  I am very grateful you kept assisting me. May you have a Great Day. Stay Safe and God bless.

I didn't know If I can delete the whole files inside the DetectionHistory folder but at least the 2 causing the threat notifications are gone.

Best Regards

Pedro Jimenez III

Can you please help me. I have the same issue wherein 2 threats named PUA:Win32/InstallCore and PUA:Win32/Presenoker keeps poping up

Hi Vibhor,

Please see the EDIT at the bottom of page one of this discussion. If you have a problem

with that, please respond.

Glen

Well thanks to your edit. I am now able to find the program data folder. If I delete all the files and folder under the service tab will it work or will i be having any other trouble? Because I cant understand which file is for the PUP.

Hi Vibhor,

In the folder "Service", you should find some ".Log" files. Open "DetectionHistory".

This is where you should find what you are after. If you don't see any reference to

your PUP(s), just delete the contents of DetectionHistory.

     -----This is the response from an OP who used this procedure successfully-----

"Hey Glen, Good afternoon. Thanks you for all your help. I really appreciate it. Just let you know your last suggestion WORKED! I followed your instructions and navigated as follow: C:\Program Data\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory. I check each folder and found the 2 that always appear as current threats. I deleted them and ran a quick scan and no more PUPs. Thanks very much Glen. You're a Hero, Life saver and an Angel. You don't know how much time I spend online researching for a solution to this annoying threat messages.  I am very grateful you kept assisting me. May you have a Great Day. Stay Safe and God bless.

I didn't know If I can delete the whole files inside the DetectionHistory folder but at least the 2 causing the threat notifications are gone.

Best Regards "

Good luck,  Glen