This tutorial will show you how to change how many days to automatically clear Windows Security protection history in Windows 10 and Windows 11.
The Protection History page in the Windows Security app is where you can go to view recommendations and actions that Microsoft Defender Antivirus has taken on your behalf, Potentially Unwanted Apps that have been removed, or key services (ex: SmartScreen) that are turned off.
Protection History only retains events for 15 days by default, after which they will automatically be cleared from history.
Protection history events that require action will not get cleared until you take action for them.
You can change the number of days to keep items in the scan history folder. After this time, Microsoft Defender removes the items. If you specify a value of zero, Microsoft Defender does not remove items.
It has been reported that Windows Security protection history is no longer getting automatically cleared. If you are seeing the same, then you can still manually clear the history below.
Clear Windows Security Protection History in Windows 11 Tutorial
- Option One: See Current Time to Clear Windows Security Protection History using Command
- Option Two: Change Time to Clear Windows Security Protection History using Command
- Option Three: Specify Time to Clear Windows Security Protection History in Local Group Policy Editor
- Option Four: Specify Time to Clear Windows Security Protection History in Registry Editor
EXAMPLE: Windows Security Protection History
1 Open Windows Terminal, and select Windows PowerShell.
2 Copy and paste the command below into PowerShell, and press Enter. (see screenshot below)
Get-MpPreference | Select-Object -Property ScanPurgeItemsAfterDelay
3 You will now see how many days (ex: "15") is currently set for the ScanPurgeItemsAfterDelay.
You must be signed in as an administrator to use this option.
1 Open Windows Terminal (Admin), and select Windows PowerShell.
2 Type the command below into PowerShell, and press Enter. (see screenshot below)
Set-MpPreference -ScanPurgeItemsAfterDelay <days>
Substitute <days> in the command above with how many days (up to 4294967295 days) you want to clear protection history after.
0 days = Protection history does not get automatically cleared.
15 days = Default.
For example: Set-MpPreference -ScanPurgeItemsAfterDelay 15
3 You can now close Windows Terminal (Admin) if you like.
You must be signed in as an administrator to use this option.
The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.
All editions can use Option Four to configure the same policy.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)
3 In the right pane of Scan in the Local Group Policy Editor, double click/tap on the Turn on removal of items from scan history folder policy to edit it. (see screenshot above)
4 Do step 5 (specify) or step 6 (default) below for what you would like to do.
This will override Option Two.
0 days = Protection history does not get automatically cleared.
This is the default setting to allow using Option Two.
7 You can now close the Local Group Policy Editor if you like.
You must be signed in as an administrator to use this option.
1 Open Registry Editor (regedit.exe).
2 Navigate to the key below in the left pane of Registry Editor. (see screenshot below)
If you are wanting to specify a time to clear protection history and do not have the Scan key, right click on the Windows Defender key, click/tap on New, click/tap on Key, type Scan for the name, and press Enter.
3 Do step 4 (specify) or step 5 (default) below for what you would like to do.
This will override Option Two.
If you do not have a PurgeItemsAfterDelay DWORD, right click on an empty area in the right pane of the Scan key, click/tap on New, click/tap on DWORD (32-bit) Value, type PurgeItemsAfterDelay for the name, and press Enter.
- Select (dot) Decimal.
- Type a number between 0 and 4294967295 for how many days you want.
0 days = Protection history does not get automatically cleared.
- Click/tap on OK.
This is the default setting to allow using Option Two.
6 You can now close Registry Editor if you like.
That's it,
Shawn Brink