Access Scan Logs?

I want to view the logs of Windows Defender in Windows 8 to see exactly what it is scanning, I went to C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results, but they are all encrypted. Is there any way to decrypt them so I can open them in a program like Notepad?


It’s highly unlikely that these files contain a list of scanned files or anything useful that’s not already available in the application logs. The log at Applications and Services Logs/Microsoft/Windows/Windows Defender/Operational (In Event Viewer) is the primary source of information; and you can filter this log to create a Custom View that contains only the specific types of events that you’re looking for. Windows Defender Event IDs seem to correspond quite closely to the MSE IDs, so you can use this list for a rough guide:

1000 – Scan started

1001 – Scan completed

1002 – Scan stopped (canceled)

1005 – Scan terminated due to error

1011 – Item deleted from quarantine

1013 – History removed

1116 – Malware detection

1117 – Malware remediation

1119 – Remediation error (not found)

2000 – Successful update

2001 – Failed update

2002 – Engine update

2010 – Dynamic Signature Service retrieved additional signatures

2011 – Dynamic Signature Service discarded obsolete signatures

3002 – Real-time protection failure: behavior monitoring

5000 – Real-time protection enabled

5001 – Real-time protection disabled

5004 – Real-time protection configuration changed

5007 – Configuration changed




11 people found this reply helpful


Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.


Question Info

Last updated August 30, 2020 Views 4,284 Applies to: