
Defender antivirus could not completely remove a potential threat. Ran Defender offline, protection history is full of items dating back to February.

Anonymous
2021-06-05T15:55:55+00:00

Defender antivirus could not completely remove a potential threat. Ran Defender offline, protection history is full of items dating back to February.

What are all the items in Protection History?

Can they be cleared?

Have they been quarantined?

Is my PC safe as Defender antivirus still says it couldn't completely remove a potential threat?

Is there an idiot's guide which explains the operation and results of the offline scan, as I have no idea?


Locked Question. This question was migrated from the Microsoft Support Community.

  1. Virginia M 40,410 Reputation points Independent Advisor
    2021-06-05T16:32:14+00:00

    Hello, I’m Virginia an independent advisor with 20 years of expertise in fixing my own & friends’ PC problems.

    Which Windows 10 build are you running - 1909, 2004, 20H2 or 21H1?

    Try running these programs:

    MBAM free: https://www.malwarebytes.com/mwb-download/

    Eset online scanner: http://www.eset.com/us/online-scanner/

    Adwcleaner: https://www.malwarebytes.com/adwcleaner/

    If these find one or more infections but do not fully remove them, it will be wise to register with a malware removal site to receive dedicated malware removal instructions; an expert will remain with you throughout the process until confirmation that your PC is 100% clean.

    Malwarebytes virus/malware removal forum:

    https://forums.malwarebytes.com/forum/7-windows...

    Bleeping computer malware/virus removal forum:

    https://www.bleepingcomputer.com/forums/forum22...

    However, I suspect Defender has a bug concerning the protection history: it will still list resolved & ignored threats, & with every scan it states these ‘threats’ were resolved.

    There used to be a way of deleting the protection history, but I tried recently & they’re still there:

    Go to C:\ProgramData\Microsoft\Windows Defender\Scans\History\ & delete the Service folder; if you don’t wish to do that, then delete the contents of the folder.

    Then open Defender & toggle off then on the real time protection & cloud-delivered protection.

    Disclaimer - This post contains reference to non-Microsoft websites and there may be ads on the page for products & services including products frequently classified as a PUP (Potentially Unwanted Product). Please thoroughly research any product / service advertised on the page before you decide to use them. Your discretion is very much advised.

    6 people found this answer helpful.
  2. Anonymous
    2021-06-14T06:53:11+00:00

    Hi Glen,

    I forgot to add yesterday, I did another full scan with MWB. It detected a trojan (machinist2.1.exe) which appears to be a third-party add-on in platinum ripper. It did detect it on the scan of 09/06/21 but for some reason didn't quarantine it. It's deleted now.

    I also did a full scan with Windows Security. It found a PUA (win32/conduit) in a winzip download on a backup. This is quarantined.

    I'll try and get the App reset done today.

    Regards

    1 person found this answer helpful.
  3. Anonymous
    2021-06-08T08:27:32+00:00

    Hi Philip,

    Since MalwareBytes did not detect anything, I think you can rest assured that any malware that Defender detected has been remediated.

    As for the entries in Protection History from as far back as February, that is not proper.

    Windows should purge them on a regular basis. Every 15 days I believe.

    Perhaps a setting has been set, that disallows them from being purged.

    Try this, using Windows PowerShell (admin). Right click "Start" and select it.

    On the PowerShell screen enter this cmdlet.

    Set-MpPreference -ScanPurgeItemsAfterDelay 1 <enter>

    Exit Hit <enter>

    After one full day, the items in Protection History should be removed.

    If they are, you should re-establish the "normal" purge frequency.

    Once again, open PowerShell, and execute this cmdlet.

    Set-MpPreference -ScanPurgeItemsAfterDelay 15 <enter>

    Exit <enter>

    With the History removed, see if Defender still "detects" the same malware that it was.

    As for the folder "Service" being missing, that is also not proper. At "Scans\History" you should see 6 folders, Service being the fifth one down. If any of these folders are missing, there must be something wrong with your W10 installation. If this is true, please reply, and we will try to recover them.

    Good luck, Glen

    1 person found this answer helpful.
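The following is an added example, not Glen's or any other poster's code, that inspects the state his steps depend on before anything is changed: the current purge delay, the detections Defender reports as not successfully remediated (the entries behind a "couldn't completely remove" banner), and the folders under Scans\History. It assumes an elevated PowerShell on Windows 10 with the Defender cmdlets present; Set-DefenderPurgeDelay is a hypothetical wrapper name introduced here.

```powershell
# Added example (not from any poster on this thread). Run from an elevated
# PowerShell on Windows 10; the Defender cmdlets need admin to read state.

# 1. How long Defender keeps quarantined/history items, in days.
$pref = Get-MpPreference
"ScanPurgeItemsAfterDelay = $($pref.ScanPurgeItemsAfterDelay) day(s)"

# 2. Detections whose remediation action did not succeed. These are the
#    records that keep the "couldn't completely remove" message alive.
$threats = Get-MpThreat
$failed  = Get-MpThreatDetection | Where-Object { -not $_.ActionSuccess }
foreach ($d in $failed) {
    $t = $threats | Where-Object { $_.ThreatID -eq $d.ThreatID }
    [pscustomobject]@{
        Detected  = $d.InitialDetectionTime
        Threat    = $t.ThreatName
        StatusID  = $d.ThreatStatusID
        ErrorCode = ('0x{0:X8}' -f $d.ThreatStatusErrorCode)
        Resources = ($d.Resources -join '; ')
    }
}

# 3. The history folders Glen refers to (he expects six, Service among them),
#    with a file count so an empty Service folder is visible at a glance.
$hist = 'C:\ProgramData\Microsoft\Windows Defender\Scans\History'
Get-ChildItem -Path $hist -Directory -ErrorAction SilentlyContinue |
    Select-Object Name, @{ n = 'Files'; e = {
        (Get-ChildItem $_.FullName -Recurse -File -ErrorAction SilentlyContinue).Count } }

# 4. Hypothetical wrapper around the cmdlet Glen quotes: shorten the
#    retention, wait a full day, then restore the normal value.
function Set-DefenderPurgeDelay {
    param([ValidateRange(1, 365)][uint32]$Days)
    Set-MpPreference -ScanPurgeItemsAfterDelay $Days
    (Get-MpPreference).ScanPurgeItemsAfterDelay   # read back to confirm
}
# Set-DefenderPurgeDelay -Days 1    # then, after 24 hours:
# Set-DefenderPurgeDelay -Days 15   # back to the 15-day default Glen names
```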
  4. Anonymous
    2021-06-07T20:23:35+00:00

    Thank you for your reply.

    My windows build is 20H2.

    I already ran MBAW; the scan didn't find any problems. I ran Eset online scanner; apart from some unwanted programs in backups, which were deleted, nothing else was found.

    I navigated to the Scan/History folder. There was a Cache Manager folder but no Service folder. The Cache Manager didn't contain any files.

    Defender still displays that it couldn't completely remove a potential threat.

    Regards

    1 person found this answer helpful.
  5. Anonymous
    2021-06-09T22:40:28+00:00

    Hi Glen and thank you for your reply.

    I set Set-MpPreference -ScanPurgeItemsAfterDelay to 1.

    Checked after 24 hours, the Protection History still contains all of the previous items.

    I rechecked C:\ProgramData\Microsoft\Windows Defender\Scans\History\

    There are now seven folders in there (I'm sure I was originally looking in the correct location but I can't be 100% sure).

    The Service Folder doesn't contain any files.

    Also, I looked at the security settings in Defender. In Security Providers/Firewall/Manage Providers, it says "your IT providers had disabled Windows Security, contact your IT help desk".

    And, "%1!s! has disabled Windows Security. Contact your IT help desk".

    I don't know what "%1!s!" refers to unless something is corrupted.

    As far as I can tell, everything that should be enabled is enabled.

    Any thoughts?

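As an added example (not code from anyone on this thread), this checks from PowerShell whether Defender's engine and real-time protection are actually running and whether a management policy of the kind the "your IT provider has disabled Windows Security" banner refers to is set. It assumes an elevated PowerShell on Windows 10; the registry path is where Group Policy and MDM write Defender settings, and an absent value means no such policy applies.

```powershell
# Added example (not from any poster on this thread). Run elevated on Windows 10.

# Live engine state as Defender itself reports it.
Get-MpComputerStatus |
    Select-Object AMRunningMode, AntivirusEnabled, AntispywareEnabled,
                  RealTimeProtectionEnabled, IsTamperProtected,
                  AntivirusSignatureLastUpdated, FullScanEndTime

# Policy values an administrator would set to switch Defender off.
# No key or value present means no policy is applied on this machine.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$checks = @(
    @{ Key = $policy;                         Name = 'DisableAntiSpyware' },
    @{ Key = "$policy\Real-Time Protection";  Name = 'DisableRealtimeMonitoring' }
)
foreach ($c in $checks) {
    $v = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $v) { "$($c.Name): not set (no policy)" }
    else               { "$($c.Name): $($v.($c.Name)) (set by policy)" }
}
```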