Windows Defender History And Offline Scan Does Not Work!

Anonymous
2021-05-02T14:08:09+00:00

Almost every time I run a scan, quick or full, it says that 1 threat was found and action taken, but when I check the history or allowed threats there is nothing there. I checked the Event Viewer and it does not have an ID that suggests that Defender found malware, but when I try to run an offline scan it gives an error for 1 second that I cannot fully read, and when it finishes (it always gets stuck at 92%) I cannot see the history of the scan. When I check the Event Viewer there are 5 entries with event ID 5007; they all start with: Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.

One of them follows like this and the others are similar:

Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x1

New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x0

For example, there is one like this with the same event ID and the same warning:

Old value: Default\ProductAppDataPath = C:\ProgramData\Microsoft\Windows Defender

New value: HKLM\SOFTWARE\Microsoft\Windows Defender\ProductAppDataPath = C:\ProgramData\Microsoft\Windows Defender

I ran a Malwarebytes scan and found nothing. This is very infuriating, since I doubt that it is a virus because I am really careful about that kind of stuff, but at the same time it really does feel like it is malware. Just to clarify again, my Malwarebytes scans find nothing.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


Answer accepted by question author

Anonymous
2021-05-02T20:18:27+00:00

Hi Mark1297,

No need to rebuild your OS completely, just yet!

The only thing that you have defined so far, as a problem, is the threat that you see repeat.

The progress bar for the Offline Scan never shows 100%. 92% is about average. You can't rely on any progress bar being accurate.

The 5007 IDs that you discovered in the event viewer are merely for information, that something changed (normal).

MalwareBytes running clean informs you that there is really no current malware present.

Since it is detected by Defender, and not MalwareBytes, it is probably a False positive, produced by Defender.

You can verify if this is true by scanning your PC with the Microsoft Safety Scanner. The Scanner and Defender both use the same definitions. What one detects, so should the other!

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

If the Scanner does not detect any malware, but Defender still does, Defender is reporting a False positive. Defender has the inclination to report items in its Detection History as current threats.

You can eliminate these false alerts by deleting Defender's "Detection History". The following link includes instructions for doing that. It is completely safe. Windows rebuilds the folder when it is next needed.

https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-identifies-the-same-pup-as-a/63f17794-3815-4784-b9cd-c6059c8e0828  

Good luck,  Glen


2 people found this answer helpful.
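
The answer above calls the 5007 entries informational; one way to check that on the PC itself, as an added example that is not part of the thread: the script splits each 5007 message into its old and new values, flags only changes that match a watch list of protection settings, and lists the detections Defender actually logged (events 1116/1117 and `Get-MpThreatDetection`). The helper name `ConvertFrom-Defender5007`, the watch list and the sample message are assumptions constructed for illustration.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$log = 'Microsoft-Windows-Windows Defender/Operational'

# Assumed watch list: value-name fragments whose change weakens protection. Extend as needed.
$watch = 'Exclusions\', 'DisableRealtimeMonitoring', 'DisableAntiSpyware',
         'DisableBehaviorMonitoring', 'DisableIOAVProtection', 'TamperProtection'

# Hypothetical helper: split a 5007 message into old/new values and flag watched settings.
function ConvertFrom-Defender5007 {
    param([Parameter(Mandatory)][string]$Message, [datetime]$Time = (Get-Date))
    # [ \t]* (not \s*) so an empty "Old value:" line does not swallow the next line.
    $old = [regex]::Match($Message, 'Old value:[ \t]*(.*)').Groups[1].Value.Trim()
    $new = [regex]::Match($Message, 'New value:[ \t]*(.*)').Groups[1].Value.Trim()
    $hit = $watch | Where-Object { $old -like "*$_*" -or $new -like "*$_*" }
    [pscustomobject]@{ Time = $Time; Review = [bool]$hit; Old = $old; New = $new }
}

# Constructed sample built from the two values quoted in the question.
$sample = @'
Microsoft Defender Antivirus Configuration has changed.
    Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x1
    New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\OfflineScanRun = 0x0
'@
ConvertFrom-Defender5007 -Message $sample | Format-List

# Live log: every 5007 event, with watched settings sorted to the top.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 5007 } -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-Defender5007 -Message $_.Message -Time $_.TimeCreated } |
    Sort-Object Review -Descending | Format-Table -AutoSize -Wrap

# Detections Defender actually logged: 1116 = malware detected, 1117 = action taken.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1116, 1117 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# Defender's own detection records, independent of the Protection history UI.
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ThreatID, Resources, ActionSuccess
```

A scan that reports "1 threat found" with no 1116/1117 event and no `Get-MpThreatDetection` record points at stale history state rather than a new detection.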

Answer accepted by question author

Anonymous
2021-05-03T08:40:04+00:00

Hi Mark,

I recall a fix for a problem very similar to yours, that you might give a try.

Unless you wish to keep your "Operational" log intact, their fix was to clear the Operational log. Nothing to lose but the current contents. It will begin to log anew, so in the future, the new log will still be available.

Access the log as you did previously, and find "Clear Log..." in the right pane, and click it.

I have no idea how or why this is effective. Others have said that it works, and all that it costs is the current contents of your log.

Another possibility for a fix is to "reset" Defender. This is also one that I cannot attest to, since I am without any Defender malfunction. I have run it on my PC, however, without any adverse effect. It's just another thing that you might try. It runs in less than 10 seconds.

If this works, please let me know.

Copy the following command string. Then open Command Prompt.

PowerShell -ExecutionPolicy Unrestricted -Command "& {$manifest = (Get-AppxPackage *Microsoft.Windows.SecHealthUI*).InstallLocation + '\AppxManifest.xml' ; Add-AppxPackage -DisableDevelopmentMode -Register $manifest}"

On the command prompt screen, right click the blinking cursor, and the command will populate.

Hit <enter> and the command executes. Runs for less than 10 seconds. As I understand this, it refreshes Defender. Type "Exit" to close command prompt.

Restart, and scan with Defender.

If this eliminates the false positive, please let me know.

Thanks,  Glen


1 person found this answer helpful.

4 additional answers

  1. Anonymous
    2021-05-02T23:14:50+00:00

    Hi Mark1297,

    Sorry to hear that you found no "Detection History". That has been the solution for problems like this, for many.

    The fact that only Defender (Quick or Full) detects the malware, it is certainly a False positive.

    Hardly worth rebuilding your complete OS for. Maybe the next update to the Platform will fix it. Or the next Feature Update.

    You could try SFC or DISM to see if they clear some kind of corruption, but since the failure is certainly a False positive it is hardly worthwhile.

    Good luck,  Glen

  2. Anonymous
    2021-05-02T22:00:13+00:00

    Hello Glen, as you said, the scanner did not detect any malware. I went to the file location you said; there was no "Detection History", there was "History" and "Unknown". I deleted History (keep in mind that this is under the Service folder). I ran a scan and again it said one threat found and action taken. Also, I checked if Windows rebuilt the file you told me to delete, but it did not. What am I doing wrong? :(

    Thank you

  3. Lester Bernard Reyes 80,370 Reputation points Independent Advisor
    2021-05-02T14:41:25+00:00

    Hi and thanks for reaching out. My name is Bernard, an Independent Advisor and a Windows fan like you. I'll be happy to help you out today.

    Do you have a third-party anti-virus? If yes, it is normal that you cannot turn it on; if none, you may follow the steps below:

    First you need to check if you have work or school account:

    Open Settings> Click Accounts> Click Access work or school then disconnect account there, if no account or already disconnected and you have same issue follow the steps below:

    You need to get back the default services of Windows defender, you can do it here:

    https://www.tenforums.com/tutorials/57567-resto...

    Look for Windows Defender Advanced Threat Protection and

    Windows Defender Firewall

    Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

    Method 2. Reinstall Windows Defender

    Open registry, then go to: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

    Then delete Windows Defender folder, then restart the PC and check it again.

    If none will work from the above solution I suggest to do an in-place upgrade wherein it will upgrade the device to the latest version and repair all issues without deleting any files.

    Note: before doing this make sure to create a restore point: https://support.microsoft.com/en-hk/help/402753...

    1. go to this link: https://www.microsoft.com/en-us/software-downlo...
    2. Select Download tool, and select Run. You need to be an administrator to run this tool.
    3. On the License terms page, if you accept the license terms, select Accept.
    4. On the What do you want to do? page, select Upgrade this PC now, and then select Next.
    5. After downloading and installing, it should fix the issue.

    Reference: https://www.microsoft.com/en-us/software-downlo...

    Note: if you receive the error “This PC can’t be upgraded”, follow the steps below:

    Method 1. Go to C:\$WINDOWS.~BT\Sources\Panther then delete the file named compatscancache.dat

    Then try again or reboot the PC first then try again.

    You might not see the folder as it is hidden, make sure to show hidden files first.

    Let me know how it goes and I hope that helps.

    Bernard

    Independent Advisor
