Privacy and Security Change Time to Clear Windows Security Protection History in Windows 11


  • Staff
Windows_Security_banner.png

This tutorial will show you how to change how many days to automatically clear Windows Security protection history in Windows 10 and Windows 11.

The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.

Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.

Protection history events that require action will not get cleared until you take action for them.

You can change the number of days to keep items in the scan history folder. After this time, Microsoft Defender removes the items. If you specify a value of zero, Microsoft Defender does not remove items.

It has been reported that Windows Security protection history is no longer getting automatically cleared. If you are seeing the same, then you can still manually clear the history below.




Contents

  • Option One: See Current Time to Clear Windows Security Protection History using Command
  • Option Two: Change Time to Clear Windows Security Protection History using Command
  • Option Three: Specify Time to Clear Windows Security Protection History in Local Group Policy Editor
  • Option Four: Specify Time to Clear Windows Security Protection History in Registry Editor


EXAMPLE: Windows Security Protection History

Windows_Security_protection_history.png





Option One

See Current Time to Clear Windows Security Protection History using Command


1 Open Windows Terminal, and select Windows PowerShell.

2 Copy and paste the command below into PowerShell, and press Enter. (see screenshot below)

Get-MpPreference | Select-Object -Property ScanPurgeItemsAfterDelay

3 You will now see how many days (ex: "15") is currently set for the ScanPurgeItemsAfterDelay.

Get_ScanPurgeItemsAfterDelay.png





Option Two

Change Time to Clear Windows Security Protection History using Command


You must be signed in as an administrator to use this option.


1 Open Windows Terminal (Admin), and select Windows PowerShell.

2 Type the command below into PowerShell, and press Enter. (see screenshot below)

Set-MpPreference -ScanPurgeItemsAfterDelay <days>

Substitute <days> in the command above with how many days (up to 4294967295 days) you want to clear protection history after.

0 days = Protection history does not get automatically cleared.

15 days = Default.

For example: Set-MpPreference -ScanPurgeItemsAfterDelay 15


3 You can now close Windows Terminal (Admin) if you like.

Set_ScanPurgeItemsAfterDelay.png





Option Three

Specify Time to Clear Windows Security Protection History in Local Group Policy Editor


You must be signed in as an administrator to use this option.

The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.

All editions can use Option Four to configure the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Scan

Clear_Windows_Security_Protection_History_gpedit-1.png

3 In the right pane of Scan in the Local Group Policy Editor, double click/tap on the Turn on removal of items from scan history folder policy to edit it. (see screenshot above)

4 Do step 5 (specify) or step 6 (default) below for what you would like to do.

5 Specify Time to Clear Windows Security Protection History

This will override Option Two.


A) Select (dot) Enabled. (see screenshot below)​

B) Type a number between 0 and 4294967295 for how many days you want in the Turn on removal of items from scan history folder field.​

0 days = Protection history does not get automatically cleared.


C) Click/tap on OK, and go to step 7 below.​

Clear_Windows_Security_Protection_History_gpedit-3.png

6 Do Not Specify Time to Clear Windows Security Protection History

This is the default setting to allow using Option Two.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Clear_Windows_Security_Protection_History_gpedit-2.png

7 You can now close the Local Group Policy Editor if you like.




Option Four

Specify Time to Clear Windows Security Protection History in Registry Editor


You must be signed in as an administrator to use this option.


1 Open Registry Editor (regedit.exe).

2 Navigate to the key below in the left pane of Registry Editor. (see screenshot below)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan

If you are wanting to specify a time to clear protection history and do not have the Scan key, right click on the Windows Defender key, click/tap on New, click/tap on Key, type Scan for the name, and press Enter.


Clear_Windows_Security_Protection_History_regedit-1.png

3 Do step 4 (specify) or step 5 (default) below for what you would like to do.


 4. Specify Time to Clear Windows Security Protection History

This will override Option Two.


A) In the right pane of the Scan key, double click/tap on the PurgeItemsAfterDelay DWORD to modify it. (see screenshot below step 2)​

If you do not have a PurgeItemsAfterDelay DWORD, right click on an empty area in the right pane of the Scan key, click/tap on New, click/tap on DWORD (32-bit) Value, type PurgeItemsAfterDelay for the name, and press Enter.


B) Perform the following actions: (see screenshot below)​
  1. Select (dot) Decimal.
  2. Type a number between 0 and 4294967295 for how many days you want.

    0 days = Protection history does not get automatically cleared.

  3. Click/tap on OK.
C) Go to step 6 below.​

Clear_Windows_Security_Protection_History_regedit-2.png


 5. Do Not Specify Time to Clear Windows Security Protection History

This is the default setting to allow using Option Two.


A) In the right pane of the Scan key, right click on the PurgeItemsAfterDelay DWORD, and click/tap on Delete. (see screenshot below step 2)​

B) Click/tap on Yes to confirm, and go to step 6 below. (see screenshot below)​

Clear_Windows_Security_Protection_History_regedit-3.png

6 You can now close Registry Editor if you like.


That's it,
Shawn Brink


 
Last edited:
Tutorial updated to add options 3 and 4. :alien:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
  • Like
Reactions: OAT
None of these work in 23H2. Time to edit or delete the tutorial?
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    50 Mb / s
    Browser
    Chrome
    Antivirus
    Defender
None of these work in 23H2. Time to edit or delete the tutorial?
Same for all machines i manage runnin 23H2 ScanPurgeItemsAfterDelay seems to get ignored by the Windows Defender complety.

I have checked the setting on diffrent machines, all are set to 15 days, and some have more then 5months of defender history in them.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
Same for all machines i manage runnin 23H2 ScanPurgeItemsAfterDelay seems to get ignored by the Windows Defender complety.

I have checked the setting on diffrent machines, all are set to 15 days, and some have more then 5months of defender history in them.
Hello, :alien:

Just to confirm, do the ones not deleted require an action?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
No actions needed, and the onces that did need action, are done the same day or week when notified.
Most messages have a Low status. (A few hunderd mostly controlled folder access)
Have translated the image to english:
Let me know if you need anything more.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
No actions needed, and the onces that did need action, are done the same day or week when notified.
Most messages have a Low status. (A few hunderd mostly controlled folder access)
Have translated the image to english:
Let me know if you need anything more.
Are you still able to manually clear the history using the method below?

 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Are you still able to manually clear the history using the method below?
Yes! Some scripts are adjusted this week to make it work again:

Perhaps a note can be written that this might not work anymore on newer versions of windows 11. And then redirect them to the page to do it with the scripts you guys have provided.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
Yes! Some scripts are adjusted this week to make it work again:

Perhaps a note can be written that this might not work anymore on newer versions of windows 11. And then redirect them to the page to do it with the scripts you guys have provided.
:shawn:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender

Latest Support Threads

Back
Top Bottom