Share via

Microsoft Safety Scanner

Craig J 0 Reputation points
2026-05-18T23:57:33.6033333+00:00

I'm running Microsoft Safety Scanner and while it's running a deep scan it's showing multiple infected files. When it completes and I'm looking for a log of the infected files, it shows that there were no infected files found. Has anyone seen this behavior before? Is there a log that I can access showing the files it thought were infected?

Microsoft Security | Microsoft Defender | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shikha Ghildiyal 7,170 Reputation points Microsoft Employee Moderator
    2026-05-19T01:18:29.1966667+00:00

    Hi Craig J,

    Thank you reaching out to Microsoft QnA.

    If the Microsoft Safety Scanner (MSERT) found a number of infected files during the scan but the final scan results indicate no malware was detected...this is normal behavior . It is not unusual for Defender (or other security software) to suspect and warn about possible threats during a scan (a preliminary status indication) but later determine the file(s) were not an actual confirmed threat(s) upon completion. 

    Also, you can Run and review the results of a Microsoft Defender Offline scan using this guide- https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-offline

    Also, there can be false positives. You can check details here - https://learn.microsoft.com/en-us/defender-endpoint/defender-endpoint-false-positives-negatives

    So, if scanning does not show any files, it means all is good.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  2. Q&A Assist
    2026-05-18T23:57:49.94+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Microsoft Safety Scanner writes its detailed results, including detected items, into the msert.log file under the Windows debug folder. The on-screen summary may show “no infected files found” even if items were flagged during the scan (for example, if they were inside archives or were later determined not to be malicious), so checking the log directly is the reliable way to see what was detected.

    To view the log and see what files were reported as infected:

    1. Select Start.
    2. In the search box, type or paste: 
         %systemroot%\debug
      and press Enter.
      • %systemroot% is the Windows folder (typically C:\Windows).
    3. In that folder, double-click the file named msert (this is the log file, often msert.log).
    4. Scroll through the file to find entries related to detections. Errors and codes usually start with 0x, and detections will be listed with file paths.

    This log is the place to confirm which files were flagged during the scan, even if the final summary dialog shows no infections.

    If the scanner reports errors instead of infections, match any error codes you see (for example, 0x80508019, 0x80508007, 0x8050800C, 0x8050A005, 0x8050A002) with the documented causes and remedies in the same article where msert is described.

    References:

    Was this answer helpful?

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.