Windows Defender Protection History Purge Issue


mccnavy

I'm trying to avoid a repeat issue if it occurs in the future. Earlier this week I noticed an ancient threat history item in Windows Defender. Since Microsoft prevents you from simply deleting the Service folder and clearing it now, I tried deleting the Event Viewer Log (another online recommendation)...that didn't work. I read and followed the online recommendations to boot into Safe Mode and then delete the Service folder. I did that, logged back into Windows, and it had worked, or so I thought. I immediately noticed that several Windows functions (logging in, opening File Explorer, opening Windows Tools, etc.) became extremely slow. I found that they were tied to Windows Defender Realtime Protection. If I turned it off, everything was fine.

I tried repairing Windows Defender from within "Apps." When that didn't work I even tried "Reset" from within Apps. That didn't work either. I did a System Restore to before I removed the files but that failed to fix the issue too. Ultimately, I ended up doing a "Repair by Reinstall" and it has worked. However, I just used PowerShell to see what the purge frequency is for Windows Defender Protection History. It came back with "0" meaning it never purges. I thought I read somewhere that it is supposed to be 15 days. Can someone please confirm what the purge history time is for 23H2? Also, should I need to purge it again, and not corrupt (or whatever happened) it again, is there another safer way to purge the protection history? Admittedly, this was right after Tuesday's Windows Update so it is very possible that did it too.
 

I use Defender UI to clear the history list. I turn off Tamper protection first then run the clear history. It auto boots to safe mode, does the job, then select reboot. Turn on tamper protection. Works for me.

Can someone please confirm what the purge history time is for 23H2? Also, should I need to purge it again, and not corrupt (or whatever happened) it again, is there another safer way to purge the protection history?
In this tutorial, @Brink says, "Protection History only retains events for 15 days by default, after which they will automatically be cleared from history."

I have found that deleting the Service folder is easy if Windows Defender isn't running. I have a little program that lets me stop Defender temporarily. It's called Defender Control, and it can be downloaded at Major Geeks:


but I don't recommend it, because it's very difficult to download and to install, because, quite naturally, Windows Defender regards it as a dangerous program (its purpose is to temporarily disable Defender) and tries to block the download, and then quarantines the program if you download it successfully.

Another tack I might suggest, though, if the Safe Mode solution isn't working for you, is to get and install (temporarily) a third-party antivirus. When most such AV programs are running, Defender is disabled, and when Defender is not running, you can access and delete that Service folder with no problem.

Then I'd use Revo Uninstaller (Free) to uninstall the AV program and all of its leftovers, and once it's gone Defender will be back in action. And the Defender Protection History window will show "No Recent Actions."

If you think this sounds like a whole lot of trouble to get rid of a small issue, I agree completely.
 

@Fabler2

Thank you for suggesting that program. I hadn't heard of it, and I downloaded and installed it without incident, ran it with no problem, and was very pleased with the range of options and actions. I've kept the link for future use when visitors here need help with Defender. :-)

Dan 🙋‍♂️
 

Kudos goes to @Stigg for originally posting about DefenderUI. Funny that I even remembered that! (y)
 

Thanks...I recently started using DefenderUI too...nice tool. I wonder if my issue was not turning off Tamper Protection before deleting the files? I'll try that for next time...hopefully I won't need to.
 

Is the automatic purge of Defender History broken?
I tried setting the days until purge according to the first 3 methods in this tutorial. I first tried reading the days with PowerShell and it returned nil indicating automatic purge was disabled. So, per #2 in the tutorial, I set the days to 15 using PowerShell. But when I read it back with PowerShell it returned nil again. Using gpedit per #3 in the tutorial I set the days to 14 but again PowerShell read nil for the days until purge. I rebooted in case this was needed but it didn't help. It seems like the methods given in the tutorial no longer activate the automatic purge of Defender History.
 

The 15 day timeout appears wrong. I have a warning about a potentially unwanted app dated 12th March which hasn't been deleted after 32 days.
 

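The read-back of the purge setting discussed in the posts above can be checked alongside the Group Policy value, the service state and Defender's own configuration-change events. This is an added example, not code from any poster or from the tutorial; it is read-only and assumes an elevated prompt and that Get-MpThreatDetection reflects the same entries as the Protection History page.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
# Nothing here changes Defender's configuration.

# 1. Value Defender reports as in effect.
#    0 is documented as "do not remove items".
$effective = (Get-MpPreference).ScanPurgeItemsAfterDelay

# 2. Value written by Group Policy, if the policy is configured.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan'
$policy = (Get-ItemProperty -Path $policyKey -Name 'PurgeItemsAfterDelay' `
           -ErrorAction SilentlyContinue).PurgeItemsAfterDelay

# 3. Service state, useful context when a setting does not read back as expected.
$status = Get-MpComputerStatus

# 4. Oldest detection Defender still holds, to compare against the delay.
#    Assumption: these records correspond to the Protection History entries.
$oldest = Get-MpThreatDetection |
    Sort-Object InitialDetectionTime |
    Select-Object -First 1

[pscustomobject]@{
    EffectivePurgeDays = $effective
    PolicyPurgeDays    = if ($null -eq $policy) { 'not configured' } else { $policy }
    TamperProtected    = $status.IsTamperProtected
    RunningMode        = $status.AMRunningMode
    OldestDetection    = $oldest.InitialDetectionTime
    OldestAgeDays      = if ($oldest) {
        [int]((Get-Date) - $oldest.InitialDetectionTime).TotalDays
    } else { $null }
} | Format-List

# 5. Event ID 5007 in the Defender operational log records configuration
#    changes, so a Set-MpPreference or policy change that took effect
#    should appear here with the old and new values.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```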