Categories
Design

How to see what malware windows defender found on your pc

How to see what malware windows defender found on your pcSource: Windows Central

Microsoft Defender Antivirus is one of the best antivirus for Windows 10, which offers real-time protection against viruses, spyware, ransomware, and many other forms of malware. Although the security feature works in the background automatically and usually notifies you of any suspicious or unwanted activities, it also provides a protection history report to help you stay informed and take action on the device security as necessary.

The protection history is part of the Windows Security app, and it shows a list of recent malware detections with information that allows you to determine if the threat has been cleaned, removed, or quarantine until an update arrives to Windows 10 to resolve the problem.

If you’re using the anti-ransomware feature, the history will also show blocked actions, which you can review and allow if the default action was a false-positive.

In this Windows 10 guide, we’ll walk you through the easy steps to view the malware detection history by Microsoft Defender Antivirus using the Windows Security app and PowerShell commands.

How to view malware protection history using Windows Security

To see all the malware detections on your device, use these steps:

  1. Open Start.
  2. Search for Windows Security and click the top result to open the app.
  3. Click on Virus & threat protection.

Under the “Current threats” section, click the Protection history option.

Source: Windows Central

Confirm the list of threats found by Microsoft Defender Antivirus.

Source: Windows Central

Quick note: If you don’t see any items listed, you can breathe a little easier since it indicates that Microsoft Defender hasn’t detected any malware. If you want to make entirely sure that the device isn’t infected, you can always run a full scan with these steps.

Select the item to view more information, including malware type, severity level, detection date, category, and information about the item’s location.

Source: Windows Central

(Optional) If the list includes various items, you can also use the Filters option in the top-right corner to filter the view by:

  • Recommendations.
  • Quarantined items.
  • Cleaned items.
  • Blocked actions (Blocked folder access, Blocked items, and Rule-based block).
  • Severity (Severe, High, Moderate, and Low).

Source: Windows Central

Once you complete the steps, you’ll have a better understanding of your device’s current security.

How to view malware protection history using PowerShell

Alternatively, you can also get a history list of the malware that Microsoft Defender Antivirus has detected with PowerShell commands.

To query a list of detected threats with PowerShell, use these steps:

  1. Open Start.
  2. Search for PowerShell, right-click the top result, and select the Run as administrator option.

Type the following command to view a history of threats and press Enter:

See the list of threats found on your computer with information like threat execution, active status, and infected file location.

Source: Windows Central

(Optional) Type the following command to view a list of active and pass malware detections and press Enter:

See the list of malware detections with information like detection date, location of the infected file, action, and more

Source: Windows Central

After you complete the steps, you’ll be able to determine the malware that Microsoft Defender was able to detect on Windows 10.

In the above steps, we’re mentioning to commands, and if you’re wondering the difference between the two. The Get-MpThreat command is meant to show a history of threats, while the Get-MpThreatDetection command can list active and past malware detections by the antivirus.

You can learn more ways to manage the antivirus on Windows 10 using PowerShell with this comprehensive guide.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

FFXIV director Naoki Yoshida wants to work on the MMO for another 10 years

The director and producer of Final Fantasy XIV, Naoki Yoshida, has just made a few announcements concerning future content for the Endwalker expansion and his own future involvement with the game. Read on to learn more about what Yoshida has to say.

5 reasons why Microsoft canceling ‘Project Andromeda’ was the right choice

Microsoft’s Project Andromeda got a full unveiling thanks to our reporting. While many fans of Microsoft lament the decision to cancel the project, there are very few reasons to believe it would have worked out. Here are five justifications for why killing the OS was a good idea.

Join us LIVE for the Windows Central Video Podcast today at 2:30PM ET

We’re LIVE with the Windows Central Video Podcast today at 2:30pm ET, make sure you’re there!

These 10 apps are must-haves apps for any new Windows PC

You just purchased a new PC and set it up, and now you’re looking for some great apps. Look no further. These are the best apps for your new Windows 10 PC.

Benj Edwards is an Associate Editor for How-To Geek. For over 15 years, he has written about technology and tech history for sites such as The Atlantic, Fast Company, PCMag, PCWorld, Macworld, Ars Technica, and Wired. In 2005, he created Vintage Computing and Gaming, a blog devoted to tech history. He also created The Culture of Tech podcast and regularly contributes to the Retronauts retrogaming podcast. Read more.

How to see what malware windows defender found on your pc

If you use Windows Defender Antivirus for malware detection and removal on Windows 10, it’s easy to keep an eye on Defender’s performance with a built-in list of every threat the utility has detected on your PC. Here’s how to view it.

First, open the Start menu and type “Windows Security.” Select the “Windows Security” app that pops up.

(Note, Windows Defender is now known as Windows Security.)

How to see what malware windows defender found on your pc

Using the sidebar in Windows Security, select “Virus & Threat Protection.” Then click or tap “Protection History.” (On older versions of Windows 10, this choice will say “Threat History” instead.)

How to see what malware windows defender found on your pc

On the “Protection History” screen, you will see a complete list of threats that Windows Defender has identified on your PC.

How to see what malware windows defender found on your pc

If your Protection History page is blank, don’t be alarmed—that’s probably good news. But if you have threats and would like to see more information on a specific one, click on the downward-pointing carat-style arrow beside the item. A detailed view will appear.

How to see what malware windows defender found on your pc

If you have a large list of identified threats, it may be helpful to use the “Filters” button to narrow down what kind of threats you’d like to view. For example, you could select “Quarantined” to see only threats that have been quarantined or filtered by threat severity.

How to see what malware windows defender found on your pc

Even if your Protection History is full of threats, you can rest slightly easier knowing that Windows Defender actively working. For even better protection, consider supplementing Defender with a second anti-malware program.

If you’re running Windows in S mode it’s streamlined for tighter security, so the Virus & threat protection area has fewer options than those described here. This is because the built-in security of Windows in S mode automatically prevents viruses and other threats from running on your device.

In early versions of Windows 10, Windows Security is called Windows Defender Security Center.

Virus & threat protection in Windows Security helps you scan for threats on your device. You can also run different types of scans, see the results of your previous virus and threat scans, and get the latest protection offered by Microsoft Defender Antivirus.

How to see what malware windows defender found on your pc

Under Current threats you can:

See any threats currently found on your device.

See the last time a scan was run on your device, how long it took, and how many files were scanned.

Start a new quick scan or go into scan options to run a more extensive or custom scan.

See threats that have been quarantined before they can affect you and anything identified as a threat that you have allowed to run on your device.

Note: If you are using third-party antivirus software, you’ll be able to use its virus and threat protection options here.

Run the scans you want

Even though Windows Security is turned on and scans your device automatically, you can perform an additional scan whenever you want.

Quick scan. Concerned that you may have done something to introduce a suspicious file or virus to your device? Select Quick scan (called Scan now in previous versions of Windows 10) to immediately check your device for any recent threats. This option is useful when you don’t want to spend the time running a full scan on all your files and folders. If Windows Security recommends that you run one of the other types of scans, you’ll be notified when the Quick scan is done.

Scan options . Select this link to choose from one of the following advanced scan options:

Full scan. Scans every file and program on your device.

Custom scan. Scans only files and folders that you select.

Microsoft Defender Offline scan. Uses the latest definitions to scan your device for the latest threats. This happens after a restart, without loading Windows, so any persistent malware has a more difficult time hiding or defending itself. Run it when you are concerned that your device has been exposed to malware or a virus, or if you want to scan your device without being connected to the Internet. This will restart your device, so be sure to save files you may have open.

Note: Scan options was called Run a new advanced scan in early versions of Windows 10.

Manage your Virus & threat protection settings

Use Virus & threat protection settings when you want to customize your level of protection, send sample files to Microsoft, exclude trusted files and folders from repeated scanning, or temporarily turn off your protection.

Manage your real-time protection

Want to stop running real-time protection for a short while? You can use the Real-time protection setting to turn it off temporarily; however, real-time protection will turn back on automatically after a short while to resume protecting your device. While real-time protection is off, files you open or download won’t be scanned for threats.

Note: If the device you’re using is part of an organization, your system administrator may prevent you from turning off real-time protection.

Get access to cloud-delivered protection

Provide your device with access to the latest threat definitions and threat behavior detection in the cloud. This setting allows Microsoft Defender to get constantly updated improvements from Microsoft while you’re connected to the internet. This will result in more accurately identifying, stopping, and fixing, threats.

This setting is turned on by default.

Send us files with automatic sample submission

If you’re connected to the cloud with cloud-delivered protection, you can have Defender automatically send suspicious files to Microsoft to check them for potential threats. Microsoft will notify you if you need to send additional files, and alert you if a requested file contains personal information so you can decide whether or not you want to send that file or not.

If you’re concerned about a file and want to make sure it was submitted for evaluation you can select Submit a sample manually to send us any file you want.

Tamper Protection defends your security settings

Microsoft Defender Antivirus settings can occasionally get changed by malicious, or careless, apps or processes; or sometimes by unaware people. With Tamper Protection turned on, important settings like real-time protection, can’t be easily or accidentally turned off.

This setting is turned on, by default, for consumers.

Protect files from unauthorized access

Use the Controlled folder access setting to manage which folders untrusted apps can make changes to. You can also add additional apps to the trusted list so they can make changes in those folders. This is a powerful tool to make your files safer from ransomware.

When you turn on Controlled folder access, a lot of the folders you use most often will be protected by default. This means that content in any of these folders cannot be accessed or changed by any unknown or untrusted apps. If you add additional folders, they become protected as well.

Exclude items from virus scans

There may be times when you’ll want to exclude specific files, folders, file types, or processes from being scanned, such as if these are trusted items and you are certain you don’t need to take time to scan them. In those rare instances you can add an exclusion for them.

Curate your notifications

Windows Security will send notifications about the health and safety of your device. You can turn these notifications on, or off, on the notifications page. In Virus & threat protection, under Virus & threat protection settings, select Manage settings, scroll down to Notifications and select Change notification settings.

Protect your device with the latest updates

Security intelligence (sometimes referred to as “definitions”) are files that contain information about the latest threats that could infect your device. Windows Security uses security intelligence every time a scan is run.

Microsoft automatically downloads the latest intelligence to your device as part of Windows Update, but you can also manually check for it. On the Virus & threat protection page, under Virus & threat protection updates, select Check for updates to scan for the latest security intelligence.

Got virus problems on your Windows PC? Follow these steps, and you may be back in working order in no time.

How to see what malware windows defender found on your pc

It should be drilled into you by now: Use antivirus software. These programs—from free tools and paid antivirus software up to major security suites—keep tabs on your Windows PC with scans, real-time monitoring, even heuristic analysis of files and processes so that new threats can be identified. It’s imperative, especially with Windows, that you have antivirus installed.

However, even the best antivirus isn’t 100% foolproof. A device already compromised by malware could get on your network, people can personally place malware on a system, and some malware sits there, dormant, waiting to come to life and attack. Social engineering and phishing schemes can trick people (you) into clicking on or downloading an infected link or attachment. Hell, there are even rogue scareware programs that look like antivirus or antispyware, but when you install them, you get infected! Always download from the source—avoid third-party download sites.

Sometimes, it’s hard to tell when you’ve been hit by malware, and almost impossible to tell what kind (be it spyware, a trojan horse, ransomware, you name it). There are plenty of signs you should keep an eye out for—incredibly slow performance where once the PC zipped along, browser pop-ups when no browser is even open, scary warnings from security programs you didn’t install, even ransom demands.

If you suspect, or know with absolute certainty, that you’ve got a malware infection, here are the steps to take, immediately, to remove the malware.

(Note that if you do get a ransom demand, the ransomware involved may have already encrypted your files. The solutions below may eradicate the ransomware, but there’s no guarantee you’ll get access back to the data. So make sure you’ve got a constant backup of your files, to the cloud or otherwise.)

Update Your Antivirus

First, make sure your antivirus software is fully updated with the latest virus definitions—that’s how the software identifies malware, based on what has come before. Antivirus vendors are constantly renewing these lists as they encounter new viruses and Trojans in the wild and in the lab. If your software is even a day out of date, you run the risk of infection.

If you have Windows 10 or 11, you always have free virus/threat protection in the form of Microsoft Defender Antivirus. It’s had or has other names like Windows Security, Windows Defender, and even once went by Microsoft Windows Defender Security Center (Microsoft is genuinely terrible at naming things). Microsoft Defender is certainly better than nothing and gets updated by Windows Update. But it’s far from perfect. We suggest you immediately download one of our top-rated best free antivirus programs: Kaspersky Security Cloud Free or Avast One Essential.

If you need to fix an infected PC for a business, you or the boss should spend the money to get a full security suite. Our Editors’ Choice options today are Kaspersky Security Cloud, Kaspersky Internet Security, Bitdefender Internet Security, Bitdefender Total Security, and Norton 360 Deluxe. All of the above earned 4.5-star reviews. They range from barebones (but complete) suites, to mega-suites bursting with features, to cross-platform suites that protect all your devices—not just Windows.

How to see what malware windows defender found on your pc

If you use Windows Defender Antivirus for malware detection and removal on Windows 10, it’s easy to keep an eye on Defender’s performance with a built-in list of every threat the utility has detected on your PC. Here’s how to view it.

First, open the Start menu and type “Windows Security.” Select the “Windows Security” app that pops up.

(Note, Windows Defender is now known as Windows Security.)

How to see what malware windows defender found on your pc

Using the sidebar in Windows Security, select “Virus & Threat Protection.” Then click or tap “Protection History.” (On older versions of Windows 10, this choice will say “Threat History” instead.)

How to see what malware windows defender found on your pc

On the “Protection History” screen, you will see a complete list of threats that Windows Defender has identified on your PC.

How to see what malware windows defender found on your pc

If your Protection History page is blank, don’t be alarmed—that’s probably good news. But if you have threats and would like to see more information on a specific one, click on the downward-pointing carat-style arrow beside the item. A detailed view will appear.

How to see what malware windows defender found on your pc

If you have a large list of identified threats, it may be helpful to use the “Filters” button to narrow down what kind of threats you’d like to view. For example, you could select “Quarantined” to see only threats that have been quarantined or filtered by threat severity.

How to see what malware windows defender found on your pc

Even if your Protection History is full of threats, you can rest slightly easier knowing that Windows Defender actively working. For even better protection, consider supplementing Defender with a second anti-malware program.

RELATED: What’s the Best Antivirus for Windows 10? (Is Windows Defender Good Enough?)

How to Change Automatic Maintenance Times

How to Change the Windows 10 Notification Display Time

Show Your Support for MajorGeeks a Donation

How to Remove the Shortcut Arrow Icon in Windows 10 & 11

How to Reset and Renew Your Internet Connection With a Batch File

How to Enable or Disable Memory Compression in Windows 10 & 11

How to Create a “Guest Account” on Windows 10 & 11

How to Add or Remove a Language in Windows 11

How to Fix Richtx32.ocx Errors

What Is Microsoft Visual C++ and Microsoft Visual C++ Redistributable Package?

Published by Timothy Tibbetts on 04/03/2020

When downloading files, you may see a warning from your web browser and Windows Defender that states, “Threats found. Windows Defender Antivirus found threats.” In this guide, we look at how to allow and manage any threats found with Windows Security and Windows Defender.

TIP : Hard to fix Windows Problems? Repair/Restore Missing Windows OS Files Damaged by Malware with a few clicks

When Windows Defender finds a threat, you’ll receive a popup window and a new notification. You can click on the popup window or, if you missed it, click on notifications in the lower right corner, and you can click there.

A window will open details with the file name and details.

If you’re not sure about the file you downloaded, then you should always forget about it. Life goes on.

However, if you know that it’s a false positive, you can allow the file to get through.

Scroll down to the bottom of the details and find the Actions dropdown. Click on that and click on Allow.

Remember that once you allow a file, you’ll have to download it again.

Also, that file is now permanently whitelisted. However, you can manage your Windows Defender Allowed Threats.

Click on the Windows Security icon in the lower-right corner. Click on Virus & threat protection > Allowed threats.

Click on Protection history.

You can now see a list of blocked threats. You can use filters to find recommendations, quarantined, cleaned, blocked, or severity. You can also clear your filter history from the filters dropdown.

As mentioned earlier, you can click on any blocked threat, scroll down to the bottom of the details, and find the Actions dropdown. Click on that and click on Allow. Other options include Remove for some items, although typically, they only stay on the list for a couple of weeks.

What is Windows Defender?

Windows Defender is an anti-malware component of Windows that blocks and eliminates malware, trojans, and other malicious software. Read below on how Windows Defender protects your computer.

How Does Windows Defender Protect my Computer?

There are multiple ways that Windows Defender protects your computer:

Real Time Protection

Windows Defender works in real time to protect your computer against threats. If you encounter malware in real time, Windows Defender will alert you of the threat in your notification center and will show you details of the threat.

Automatic Protection with Periodic System Scans

Windows Defender also performs periodic system scans by default. You may notice that you will randomly get a message that Windows Defender performed a scan and did not/did find threats on your machine. This is a completely normal function of Windows Defender. You can customize the auto scan however you would like. If you would like to modify when Windows Defender performs periodic scans, you can read this Microsoft article on how to modify the automatic system scans in Task Scheduler:

Manual Scan of Threats

Windows Defender allows you to also perform manual scans whenever you would like. To do so, do the following:

  1. Click the Windows search field on your task bar and type “Windows Security”. Click the Windows Security application when it shows as a result.
  2. You will see all of your security options upon opening Windows Security. To perform your manual system scan, click Virus & Threat Protection .
  3. In Virus & Threat Protection , click the Quick Scan button. See Figure 1.

How to see what malware windows defender found on your pc

  1. You will see a summary of what the quick scan found. If threats are not found, no further action is needed. If threats are found, Defender will give you options for removing the threat.

Need Assistance?

If you feel as though your device needs to be looked at by a professional, you can contact the Tech Zone at 309-438-8334 to schedule an appointment. Malware and virus removals are offered free of charge at TechZone.

If you have other questions about your machine, you can contact the Technology Support Center at 309-438-4357.

Related Articles:

Technology Support Center
115 Julian Hall
Illinois State University
Campus Box 4000
Normal, Il 61790-4000

Virus and endpoint protection is critical in order to keep your computer safe.

Students

Windows Defender

Keep your PC safe with trusted antivirus protection built-in to Windows 10. Windows Defender Antivirus delivers comprehensive, ongoing and real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud and the web. Features of Windows Defender include:

  • Microsoft Edge: Windows Defender SmartScreen is built into Microsoft Edge which helps keep you protected from malicious websites and downloads.
  • Windows Firewall: Windows Firewall is designed to keep hackers and malicious software from gaining access to your device through a network or the Internet.
  • Find my Device: If your Windows 10 device is lost or stolen, the Find My Device service can ring, lock, and erase your Windows phone or map the location of your device.

For more information on Window Defender, click here.

Faculty and Staff

CrowdStrike

Virus and endpoint protection is provided to faculty and staff by CrowdStrike. CrowdStrke is automatically pushed to all computers that are centrally managed by NJIT. CrowdStrike provides real time threat protection without slowing down background processing. Unlike legacy antivirus products, CrowdStrike runs in the background and does not appear as an installed application.

Frequently asked questions about CrowdStrike include:

By Ken @ GlassWire. Last updated November 19, 2021

How to see what malware windows defender found on your pc

Is that .exe file safe?
You probably found this page because you noticed a strange Windows .exe process or service running on your PC.

Maybe the program is causing your computer to crash or it’s using too much memory or CPU resources. Or perhaps you downloaded an .exe and you’re not sure if it’s safe to run.

If you’re concerned about a file on your PC just follow the 5 easy steps below to see if it’s safe. Our team has helped over 20 million people protect their PCs so you’ve come to the right place.

Let’s check that file for threats!

1. How to check the .exe file with Windows Defender

How to see what malware windows defender found on your pc

These days all Windows versions come with Windows Security (formerly Microsoft Defender), and Windows Security has a built in easy way to scan specific .exe files. If the file is on your desktop right click it and choose “scan with Microsoft Defender”.

If you found the .exe you want to scan in the Windows task manager and you’re not sure of its location, then right click it and choose “open file location”. The file should then automatically be highlighted. Now right click the file once and scan it. If it’s marked as safe, then it’s probably safe to be on your PC.

Are you still not sure if an .exe file is safe? There are 4 more steps you can take.

2. Analyze the file with VirusTotal

How to see what malware windows defender found on your pc

Don’t trust Windows Security? That’s OK. Go to VirusTotal.com and upload the file. VirusTotal is a file analysis service that will analyze the file with over 25 different antimalware engines. Please note it’s not uncommon with most files to have one or two false positives.

When this happens people in the VirusTotal community will often leave some comments about the file, so click the comments and see what people are saying.

Want to analyze all your apps for security issues with VirusTotal automatically? Our GlassWire software does this for free for anyone who uses the app.

First install GlassWire (it’s free to try), then go to the top left menu and choose “settings” then “VirusTotal”, then turn on automatic executable security analysis. Once this VirusTotal API setting is enabled, every time an .exe accesses the network on your PC, it will automatically be analyzed by VirusTotal.

Don’t want automatic file checking? It’s optional, and it’s turned off by default. To adjust the security settings go to GlassWire’s firewall and mouse over the VirusTotal column next to any app to analyze it with VirusTotal manually.

3. Does the .exe have a publisher?

Are you still not sure about the file? Right click the file and check its properties to see if it has a known publisher. If a file is signed by Microsoft or a major company then it’s most likely safe. If the file isn’t signed at all then all bets are off. Look under “Digital Signature” to see once you check the file properties.

How to see what malware windows defender found on your pc

Please note that with our own GlassWire Network Security Monitoring app we show real-time network activity by publisher so it’s easy to see if unsigned apps are accessing the network. Keeping track of the apps on your PC and how they are signed is a great way to keep your device secure.

Do you still not trust the .exe file?

4. Check it in Windows Sandbox

How to see what malware windows defender found on your pc

Did you know the latest versions of Windows 10 or 11 have a free sandbox feature that allows you to safely run applications in a protected environment on your PC? Search for Windows Sandbox in the Windows search box to run it. Now copy the file, and then paste it into the Windows Sandbox. You can then run it and see what it does after it’s executed.

5. Monitor the file’s network activity for strange behavior

If you are already running the .exe on your PC and you think it’s suspicious then it’s very useful to see what hosts the .exe is connecting to along with the types of traffic it is sending and receiving. Our free GlassWire software can show you that data in real-time. If you find the .exe is behaving badly you can then block it instantly with our firewall, or even check it with VirusTotal directly from within GlassWire.

You can protect your computer with the help of Microsoft Defender in multiple ways. Here are few of them:

  1. Turn on the automatic protection provided by Microsoft Defender.
  2. Scan your PC for malware.
  3. Run a quick scan to go over the critical system files.
  4. Perform an advanced scan to go over all the files.

It’s a wild, wild west out there in the tech world. With the acceleration of technological change, a host of technological innovations are on the horizon. But, what’s also expected is a substantial increase in malware disruption, with malicious hackers working unremittingly for finding new loopholes.

Don’t take our word for it.

Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to a new IDG Research Services survey commissioned by Insight Enterprises. Just 57% conducted a data security risk assessment in 2020,” says the author in this piece from Forbes.

Now, while there are a ton of good antivirus programs out there that can help you stay protected, this post isn’t about them.

Here, we’d instead like to focus on Microsoft Defender, the default security solution provided by Microsoft for all your security woes.

Let’s dive right in.

What is Windows Defender

Microsoft Defender, called Windows Security since Windows 11, is the default anti-malware software offered by Microsoft, free of charge. And don’t get fooled by the free option; the software can hold its own against any paid antivirus program. It can detect and remove viruses, worms, and malware easily.

Apart from all around protection, right from moment you start your PC, it also downloads updates automatically to keep up with the fast changing tech updates. Also, keep in mind if you have already installed a third-party antivirus on your PC, then the Microsoft Defender will be turned off. To turn it back on, all you have to do is uninstall the antivirus.

Scan your PC with Windows Defender

With the help of Windows Defender, you can easily scan specific files and folders on your PC, and make sure everything’s work good under the hood. To get started, follow the steps below:

  1. Choose a file or a folder you’d like to scan.
  2. Right-click on that item and select Scan with Microsoft Defender.

How to see what malware windows defender found on your pc

When the scan gets completed, you’ll see a Scan options page which will tell you the results of the scan. If there’s any threat that needs your attention, it will be pointed out by Microsoft Defender.

Turn on Automatic Protection

Apart from malware detection and dealing function, the Windows Defender antivirus also offers a way to enable real-time protection for your PC. Enable it, and you’ll be notified as soon as something strange happens with your computer.

To get started, follow the steps below:

  1. Press Windows key + I to open Settings.
  2. Select Privacy & security > Windows Security > Virus & threat protection.
  3. From there, select Manage settings (or Virus & threat protection settings in early versions of Windows 10) and switch Real-time protection option to On.

How to see what malware windows defender found on your pc

How to see what malware windows defender found on your pc

This will turn on the all-around protection feature of Windows Defender, making it immune to obscure bugs and threats.

Scan the whole PC

In the first section above, we covered how you can scan specific files and folders. However, with Windows Defender, you can also run a complete scan of your PC.

This feature to scan comes in two varieties: quick scan and advanced scan.

Running a quick scan

You feel there’s something off with your PC, but you’re short on time. So, what do you do? With the quick scan feature, Windows Defender will only go over the essential files and registry of your computer. Any problems that it finds will be resolved then and there by the app.

Follow the steps below to run the scan:

  1. Go to Settings > Privacy & security > Windows Security.
  2. Click on Virus & threat protection.
  3. Select Quick scan to get started with the process.

How to see what malware windows defender found on your pc

Run an advanced scan

As good as the quick scan feature is, it doesn’t do full justice to a standard security check-up against malware attacks. To make sure your computer is really free from any malware and virus intrusions, we’d recommend you give the advanced scan a go.

To get started, follow the steps below:

  1. Select Start >Settings >Privacy & security >Windows Security.
  2. Click on Virus & threat protection.
  3. Under Current threats, select Scan options (or in early versions of Windows 10, under Threat history, select Run a new advanced scan).
  4. Select one of the scan options:
    • Full scan (check files and programs currently running on your device)
    • Custom scan (scan specific files or folders)
    • Microsoft Defender Offline scan
  5. Finally, click on Scan now.

How to see what malware windows defender found on your pc

How to see what malware windows defender found on your pc

All about Windows Defender

And that’s all about Windows Defender, folks. Personally, I use and recommend Windows Defender over other expensive—and often bloated—third-party programs. Combine it with safe web usage practices, I’d figure you wouldn’t either. Whatever option you choose to go ahead with, be rest assured that with Windows Defender, you can have a free and reliable security option to fall back on.

With so much of our lives spent online, and crucial files stored on our devices, it’s important to have protection against viruses that can wreak havoc.

For Windows 10 users, there’s a built-in antivirus protection program called Microsoft Defender Antivirus. Here’s what you need to know.

What is Microsoft Defender?

Microsoft Defender Antivirus, formerly known as Windows Defender, is an antivirus protection program that’s included with Windows 10. Unlike other antivirus programs like McAfee, Microsoft Defender is free and doesn’t require any additional installation. It’s also routinely updated.

Microsoft Defender’s features include automatically backing up files to OneDrive, expansive parental control settings, and the elimination of any need for passwords, which have been replaced by face recognition and fingerprint technology (known as Windows Hello).

Microsoft Defender offers tracking prevention to help you manage how websites track your data and to give you more control over your privacy settings when browsing the web. It also has a password generator, plus a password monitor that lets you know if any of your passwords have been compromised.

When set to active mode, Microsoft Defender acts as the primary antivirus app on your device. It scans files, remediates threats, and lists detected threats in security reports on the Windows Security app.

How to enable Microsoft Defender

Microsoft Defender is automatically included with Windows 10, but if your computer is linked to a group or organization (such as through your workplace), you may need to double-check that Microsoft Defender is actually enabled on your device.

1. Click the Start button on your Windows computer.

2. Type Group policy into the search bar.

3. Click on Edit group policy.

4. Click Computer Configuration, and then click Administrative Templates.

5. Click Windows Components, and then select Microsoft Defender Antivirus.

6. Scroll down to the bottom of the list and look for Turn off Microsoft Defender Antivirus. Click on Disabled or Not configured (whichever one is visible on your device). Note that while this might seem contradictory, you’re on the right track.

7. Click Apply, then click OK.

How to turn off Microsoft Defender in 3 ways

You may want to temporarily disable Microsoft Defender if you’re trying to install a third-party software or program onto your computer and the antivirus is blocking the installation. Another reason to turn off Microsoft Defender is if you want to use another antivirus program.

Important: When Microsoft Defender is turned off, the security of your computer may be at risk for malware attacks.

Temporarily disable via Windows Security

1. Click the Start button on your Windows computer, then click the Settings icon (it looks like a gear).

2. Select Update & Security.

3. Then click Windows Security, and select Virus & threat protection.

4. In the Virus & threat protection settings section, click Manage settings.

5. Click the toggle under Real-time protection to turn it off. It will turn gray when Microsoft Defender is disabled.

Permanently disable via group policy

1. First, you need to disable tamper protection. Click the Start button on your Windows computer, then search for Windows Security. Click on the app to open it.

2. Click Virus & threat protection. In the Virus & threat protection settings section, click Manage settings.

3. Click the toggle under Tamper Protection to disable this feature.

4. Click the Start button, then search for gpedit.msc. Click the first result to open the Local Group Policy Editor.

5. Click Computer Configuration, Administrative Templates, Windows Components, then Microsoft Defender Antivirus.

6. Double-click Turn off Microsoft Defender Antivirus. Click Enabled in the pop-up window, then Apply, then OK.

7. Restart your computer.

Use a third-party antivirus protection program

If you choose to disable Microsoft Defender, it’s a good idea to install another antivirus program to protect your computer from viruses and malware. Below are some third-party options to consider:

  • Norton 360 with LifeLock Select ($149.99 per year, $99.48 for the first year): An enduring brand as far as antivirus software goes, Norton Security remains a top-rated option. This all-in-one antivirus subscription includes malware and virus protection for your computer and phone, 100 GB of cloud backup, a secure VPN, password manager, and more.
  • Bitdefender Antivirus (free version available, paid versions starting at $29.99 for the first year): A more affordable option for security software, the free version of Bitdefender covers one Windows PC and protects against viruses, malware, and spyware in real time. The paid versions protect more devices and give you a secure VPN.
  • McAfee Total Protection (starting at $84.99 per year, $34.99 for the first year): Another longtime brand in the world of cybersecurity, McAfee continues to score high marks on protection and performance from independent labs. With a paid subscription, you get virus and ransomware protection for up to an unlimited number of devices (depending on what plan you pick), plus a password manager.

If you use Windows Defender Antivirus to detect and remove malware on Windows 10, you can easily monitor the performance of Defender with an integrated list of all threats that the utility has detected on your PC. .

  • How to fix errors cannot open Windows Defender on Windows 7/8/10
  • How to add exceptions in Windows Defender on Windows 10

If you use Windows Defender Antivirus to detect and remove malware on Windows 10, you can easily monitor the performance of Defender with an integrated list of all threats that the utility has detected on your PC. . Here’s how to get this cardiac catheterization.

See the Windows Defender malware found

Step 1:

First, open the Start menu and enter Windows Security . Select the Windows Security application that appears.

( Note : Windows Defender is now called Windows Security ).

How to see what malware windows defender found on your pcOpen the Start menu and enter Windows Security

Step 2:

Using the sidebar in Windows Security, select Virus & Threat Protection . Then click Protection History . (On older versions of Windows 10, this option will be called Threat History instead.)

How to see what malware windows defender found on your pcSelect Virus & Threat Protection

Step 3:

On the Protection History screen , you will see a full list of threats that Windows Defender has identified on your PC.

How to see what malware windows defender found on your pcA list of threats appears on the Protection History page

Exploit information on the Protection History page

If the Protection History page is blank, don’t worry. That is probably good news. But if you have threats and want to see more information about a specific malware, click the down arrow next to that item. A detailed view will appear.

How to see what malware windows defender found on your pcYou can see the details of the threat

If you have a large list of identified threats, it may be helpful to use the Filters button to narrow down the group of threats you want to see. For example, you can choose Quarantined to see only threats that have been quarantined or filtered by the severity of the threat.

How to see what malware windows defender found on your pcCan use filters to find out threats you are interested in

Even if your Protection History page is full of threats, you can be a little more reassured knowing that Windows Defender is actively working. For even better protection, consider adding Defender with a second anti-malware program.

How to see what malware windows defender found on your pc

  • The Malware detected Windows Defender is taking action is quite common and hard to solve.
  • Try verifying the scanning history in Windows to see if any malware was detected.
  • If the alert persists, switch to a better antivirus that has more security features.
  • Boot the system in Safe mode and perform a System File Check scan to get rid of the issue.

How to see what malware windows defender found on your pc

A virus or malware might be causing all these problems, though, on the other hand, it might be only a compatibility issue between Windows Defender and another third-party antivirus program.

So, before taking any action you need to make sure that Windows Defender is properly running on your Windows 10 system.

How do I get rid of the Malware detected alert?

1. Use Windows Defender

The first thing you should do when encountering the Windows Defender took action against threats message is to verify its scanning history.

The default Windows antivirus might have found infected files but it is not able to properly remove them, especially when you get repeated alerts.

If the Windows Defender keeps saying threats found, then identify these files and manually remove them. You can also run the Microsoft Safety Scanner in order to extend the tool’s functionality.

2. Run a System Scan

  1. Press the Windows Key + S and open Run.
  2. Type msconfig and press Enter.
    How to see what malware windows defender found on your pc
  3. Select the Boot tab, and toggle Safe Boot.How to see what malware windows defender found on your pc
  4. Press Ok and select Restart .
    How to see what malware windows defender found on your pc
  5. Now your computer should restart in Safe Mode.
  6. Next, press the Windows Key + S and type cmd.
  7. Run Command Prompt as an admin.
    How to see what malware windows defender found on your pc
  8. In the cmd box, type the following and press Enter: SFC /scannow

You can also initiate the system scan through Safe Mode – in safe mode, third-party apps and processes are disabled by default

Therefore, certain malware won’t be able to interfere with the scanning and removal process, so you can get rid of the Windows Defender taking action on threats taking too long alert.

3. Use a third-party antivirus software

If the history log isn’t showing any infected files it might be because Windows Defender detects the same virus but in different locations, and so it does not make a history entry.

However, some viruses are too clever for the basic Windows Defender. Perhaps, the software can detect suspicious activity, but it cannot remove it, so you’re stuck in a loop.

If that’s the case, you should consider choosing a different antivirus solution that can perform a more complex scan and remove anything suspicious or dangerous.

In that matter, we recommend installing security software that uses advanced AI and machine learning to find threats ranging from simple spyware and adware to Trojans.

The tool is easy to install, the UI is intuitive, and it is lightweight, so it won’t consume your system’s resources. And that’s not all. This program can also keep your sensitive information private.

It has proven its capability of detecting multiple types of malware and completely cleaning the system if you choose to do so

During the installation process, Windows Defender should be automatically disabled. If it’s not, you need to perform this operation manually:

  1. Press the Win + R keys and enter gpedit.msc.
  2. From there, navigate to Computer Configuration, then Administrative Templates.
  3. After, go to Windows Components, and Windows Defender.
  4. Select Turn off Windows Defender from the right panel of the main window.
  5. Choose Enable – this will actually disable the default Windows Defender software.
  6. In the end, run the software and initiate a full scan .

Once you make sure that your Windows Defender is disabled, and after you finished installing the antivirus tool, perform a scan using it. If malicious files will be found, they will be removed.

How to see what malware windows defender found on your pc

ESET Internet Security

A strong antivirus software that will secure your information, keep your identity private, and remove and threat from your device.

So, now you should know how to react when noticing the malware detected Windows Defender is taking action to clean detected malware pop-up message displayed by Windows Defender.

In the same manner, if you’d like to see more similar products, take a look at our list of antivirus tools with lifetime licenses, and use it to choose a third-party antivirus that suits you.

Tell us how these solutions helped you, and give us any other feedback regarding the subject in the comment section below.

Frequently Asked Questions

Even if it comes enabled by default with the operating system, Windows Defender does a pretty good job of detecting viruses.

It is generally a good idea to not have two antivirus solutions running at the same time. However, Windows Defender is outclassed by third-party antivirus software. You can consider making a switch to one of the tools included in this great list of antivirus recommendations.

You can learn how to check what the program is blocking and many other things related to the default Windows security system if you read our nice article dedicated to Windows Defender.

If Microsoft Defender Antivirus detected a trusted file or app as a threat, you can allow it on your device with these steps:

How to see what malware windows defender found on your pc

  • Tweet
  • Share
  • Submit

On Windows 10, Microsoft Defender Antivirus is the default anti-malware solution to protect your device and data against all sorts of threats, including viruses, spyware, ransomware, rootkits, and other types of malware and hackers.

Although the antivirus offers a robust real-time protection at the level of most sophisticated anti-malware solutions, sometimes, it can detect some files and applications as threats when you know they are not. However, if this ever happens, the default protection built into Windows 10 includes an option to review and allow the file or application on your device.

In this guide, you’ll learn the steps to allow a file or app recently blocked by Microsoft Defender Antivirus on Windows 10. In addition, we’ll look at the steps to block allowed items in case you need to revert the changes.

How to allow blocked file or app on Microsoft Defender Antivirus

To allow an item that has been blocked by Microsoft Defender, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the “Current threats” section, click the Protection history option.

How to see what malware windows defender found on your pcProtection history option

Select the file or application you want to allow.

Click the “Actions” drop-down menu and select the Allow on device option.

How to see what malware windows defender found on your pcAllow blocked app

Once you complete the steps, the item will be allowed on your device.

How to block manually allowed file or app on Microsoft Defender Antivirus

To block a file or application you allowed manually, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the “Current threats” section, click the Allowed threats option.

How to see what malware windows defender found on your pcAllowed threats option

Select the file or application you want to block.

Click the Don’t allow button.

How to see what malware windows defender found on your pcBlocked allowed threat

After you complete the steps, the item will no longer be allowed on your device.

Pureinfotech relies on your support. Consider contributing with the button below to keep bringing great content.

We may earn commission for purchases using our links to help keep offering the free content. Privacy policy info.

All content on this site is provided with no warranties, express or implied. Use any information at your own risk. Always backup of your device and files before making any changes. Privacy policy info.

But Is Windows Defender really enough?

Is your Windows 10 computer performing slower than usual? Are you seeing different pop-ups that weren’t there before?

If these are the cases, you may have a malware-infected PC on your hands. There are ways you can check. This article will teach you how to scan your PC for malware in Windows 10.

How to see what malware windows defender found on your pc

Windows Defender

The first logical place to start would be Windows Defender. Not only is it free, but it also comes with every Windows 10 purchase. It’s also simple to use — making it the ideal solution for your average users who won’t go beyond mainstream sites.

It works by scanning for threats like adware, spyware, and viruses. Turning Defender on will stop malicious software from doing any significant damage.

Turning on Windows Defender

Open Windows Settings. Go to Update and Security > Windows Security. Under Protection Areas, select Virus & Threat Protection.

How to see what malware windows defender found on your pc

A new window will pop up with a list of security options. Click Virus & Threat Protection. Now click Manage Settings under Virus & Threat Protection Settings. Go to Real-Time Protection and switch it to the on position if it’s currently off.

How to see what malware windows defender found on your pc

How to see what malware windows defender found on your pc

Once activated, Windows Defender will automatically scan your computer for malware. The most recent iteration of Windows Defender is not available on Windows 7 or Windows 8.

Is Windows Defender enough?

The short answer is no — not if you’re looking for a much more robust solution. As mentioned earlier, Defender will be enough for the average user.

But if we’re talking pure performance, there are third-party solutions out there that offer more protection and can be fine-tuned to meet specific needs. One tool we have always suggested in Malwarebytes Anti-Malware.

Diagnosing Malware in Windows 10

There are other ways of diagnosing malware in a Windows 10 computer. Below are just a few.

Safe Mode

PCs have a feature called Safe Mode. When you boot a PC through this mode, only the essential programs are loaded. Malware is prevented from launching. If your computer performs faster while in Safe Mode, there’s a chance that you have malware.

How to see what malware windows defender found on your pc

To access Safe Mode, go to Start > Power. While holding the Shift key, press Restart. After the computer reboots, you should be able to access Safe Mode.

How to see what malware windows defender found on your pc

You want to delete temporary files while in Safe Mode. Go to Search and type Disk Cleanup. It’s a free utility tool that’s included in Windows 10. This will help you remove old files and possibly malware after a quick scan.

Third-party scanners

If you feel like your current antivirus solution isn’t up to the challenge, maybe it’s time to consider installing one of the many malware scanners in the market today.

Some of these solutions are free while others you’d have to pay for. There are one-time purchases while others are subscription-based. Some antivirus software work better than others. Make sure you install one that’s highly recommended and comes from a reputable company.

Browser settings

Malware can make changes to your browser settings. For example, malware can change your homepage settings to launch sites that are meant to extract information or display ads whenever you open a browser.

You need to check your settings as soon as possible to prevent browsers from launching annoying sites.

Microsoft Edge

To modify Microsoft Edge settings, go to Settings and More > Settings. Under the Open Microsoft Edge With drop-down menu, select A Specific Page or Pages.

How to see what malware windows defender found on your pc

Check the URLs in the list and remove the unfamiliar domains.

Google Chrome

Open Google Chrome and go to Customize > Settings. Scroll down and locate On Startup. Select Open a Specific Page or Set of Pages.

How to see what malware windows defender found on your pc

Remove the unfamiliar domains from the list.

Reformatting Your PC

There are times when users are forced to reformat their computers to remove malware. But before you do, make sure you back up important files if it’s still possible for you to do so.

Go to Settings > Update & Security > Recovery. Under Reset This PC, select Get Started. You will be presented with two options.

Keep My Files will reformat your computer without deleting your files. Remove Everything will do just that – remove all files.

How to see what malware windows defender found on your pc

Note: There’s a higher chance of removing malware if you remove everything. However, you do so at the risk of deleting files and settings.

Follow the on-screen commands until Windows 10 prompts you to reset your PC.

Christopher Jan Benitez is a freelance writer for hire who provides actionable and useful web content to small businesses and startups. In his spare time, he religiously watches professional wrestling and finds solace in listening to ’80s speed metal. Read Christopher’s Full Bio

September 8, 2021 By Madhuparna

Microsoft Defender Antivirus is the built-in security solution for Windows that keeps your system protected from any malware or virus attacks. It protects your PC in real-time from all kinds of suspicious activities and you can check the protection history in your Microsoft Defender Antivirus on your Windows 11 PC. The Windows Security app keeps running in the background and notifies you of any security breaches, and displays all the reports in the protection history section. This helps you to keep a track of the different types of unwanted activities and the action taken against them.

Protection history is a feature offered by the built-in antivirus that displays the list of malware files detected during the scan. The list also includes the details related to the malware, indicating if it has been completely removed till the next Windows update release with the bug fix. The protection history is also visible for the Ransomware protection feature. It shows which items have been blocked, so that you can check them and allow if it was a false-positive.

So, how do you view the malware history in the Microsoft Defender antivirus on your Windows 10/11 PC? We can explain how..

Method 1: Check Protection History Through Windows Security Settings

This method needs you to access the Windows Security settings through the Settings app. Follow the below instructions to view the protection history using Windows Security:

Step 1: Press the Win + I keys together on your keyboard to open the Settings app.

Step 2: In the Settings window, click on Privacy & Security on the left side of the pane.

How to see what malware windows defender found on your pc

Step 3: Now, navigate to the right side and under the Security section, click on Windows Security.

How to see what malware windows defender found on your pc

Step 4: Next, in the Windows Security page on the right, under the Protection areas section, click on Virus & threat protection.

How to see what malware windows defender found on your pc

Step 5: Now, in the Virus & threat protection screen, under the Current threats section, click on the Protection history link in blue.

How to see what malware windows defender found on your pc

Step 6: In the next window, you will see the list of all the threats found and blocked, removed or quarantined by the Windows Security.

How to see what malware windows defender found on your pc

*Note – If you do not see anything here, it means that there has been no potential threats found on your PC yet, to be detected by the Microsoft Defender antivirus.

Step 7: You can now click on on the items from the list one by one and you can view the detailed info for each of the potential threats. The information includes – the name of the app or the process, which app blocked it, which app or folder was protected, date, etc.

You can also click on the Actions drop-down below each of the item details and select Allow on device if you recognize the app or file, and if you are sure it’s not a threat.

How to see what malware windows defender found on your pc

Step 8: Moreover, if it’s a long list of items, you can click on the Filter option at the top right and select from the list what you want to view:

How to see what malware windows defender found on your pc

Now that you have a clear view of the protection history, you know that your system has total protection by the Windows Security.

Method 2: Check Protection History Using Windows PowerShell

But, if you want to pull up the protection history for any malware detected and blocked, you can do so using the elevated Windows PowerShell. Let’s see how:

Step 1: Press the Win + R keys simultaneously on your PC and the Run command window opens.

Step 2: In the Run command search field, type Powershell and press the Ctrl +Shift + Enter shortcut keys on your keyboard to open the elevated Windows PowerShell.

How to see what malware windows defender found on your pc

Step 3: In the PowerShell (admin) window, run the below command and hit Enter:

This will pull up the list of threats that has been detected by the antivirus with details like the status of the threat execution, active status, and location of the infected file.

How to see what malware windows defender found on your pc

Step 4: You can also execute the below command to check the list of any active or false malware findings:

How to see what malware windows defender found on your pc

This will pull up details like the Initial Detection Time and date, action success: True/False, infected file location, and more.

*Note – The difference between the above two commands is, while Get-MpThreat pulls up the threat history, the Get-MpThreatDetection command pulls up the protection history.

Once you have run the commands successfully, you would have a clear view of what type of malware tried to invade your PC.

I find passion in writing Tech articles around Windows PC and softwares

How to see what malware windows defender found on your pc

If you’ve ever checked the Windows Task Manager to see why your computer is running so slow, you might have noticed a process called Antimalware Service Executable using a lot of the available CPU or memory.

The Antimalware Service Executable, or MsMpEng.exe, is part of the Windows Security suite that ships with Windows 10. Windows Security includes everything from anti-malware tools, to a firewall, account management and protection services, and more.

Your computer might run slowly at certain times because Windows Security is doing an automated malware detection scan. Occasionally this scan might run into issues with certain files, folders, or software, even if they’re secure.

In this article we’ll go over a few things you can do to improve Windows Security’s performance.

#1: Check for third-party anti-malware software

It’s generally recommended that you only run one anti-malware/anti-virus/anti-spyware software on your PC at a time.

Running Windows Security and third-party software like Malwarebytes together can cause issues where they both recognize each other as potential threats. This can lead to situations where neither works properly.

Windows Security is considered to be very secure, so it’s safe to remove third-party security software. Simply uninstall the third party software and reboot your computer.

Then to check that Windows Security is running, press the Windows key, type in “windows security”, and click on “Windows Security” to open the app:

How to see what malware windows defender found on your pcOpen the Windows Security app

Click on “Virus & threat protection”, and click “Manage settings” under “Virus & threat protection settings”:

How to see what malware windows defender found on your pcThe Virus & threat protection menu

Once in the “Virus & threat protection settings” menu, ensure that the “Real-time protection” toggle is on:

How to see what malware windows defender found on your pc

Alternatively, if you’d like to use third-party security software, just install and configure that first. Then repeat the steps above and turn the “Real-time protection” toggle off.

This will prevent Windows Security from scanning and potentially flagging your third-party software as insecure.

#2: Prevent Windows Security from scanning certain files and folders

As mentioned earlier, Windows Security can sometimes run into issues while scanning certain files, folders, and executable programs.

Though you do want Windows Security to scan as much of your system as possible, there are some things you can safely exclude to reduce the amount of CPU and memory it uses.

Prevent Windows Security from scanning MsMpEng.exe

The first thing you can try is to prevent the Antimalware Service Executable process from scanning itself.

Press the Windows key, type in “windows security”, and click on “Windows Security” to open the Windows Security app.

Click on “Virus & threat protection”, and click on “Manage settings” under “Virus & threat protection settings”:

How to see what malware windows defender found on your pcThe “Virus & threat protection” menu

In the “Virus & threat protection settings” menu, scroll down to “Exclusions” and click on “Add or remove exclusions”:

Then click the plus button with the text “Add an exclusion”, and click “File”:

How to see what malware windows defender found on your pc

Then in the File Explorer window, select C:\Program Files\Windows Defender\MsMpEng and click “Open”:

How to see what malware windows defender found on your pc

Now Windows Security will skip over the Antimalware Service Executable/MsMpEng.exe file while scanning for malware, and should use less available CPU and memory than before.

Prevent Windows Security from scanning the Windows Defender directory

Similar to the last method of skipping over the Antimalware Service Executable, it’s possible to exclude the entire Windows Defender directory from anti-malware scans.

Follow the steps from the last method, but after clicking the “Add an exclusion” button, select “Folder” instead:

How to see what malware windows defender found on your pc

Then in the File Explorer window that pops up, select C:\Program Files\Windows Defender and click “Select Folder”:

How to see what malware windows defender found on your pc

And now Windows Security will skip over everything in the Windows Defender folder, including the MsMpEng.exe file itself.

#3: Consider upgrading your PC

If none of the other solutions work, it might be worth upgrading parts of your PC. As of 2020, new PCs are often configured with at least 8 GB of RAM and a solid-state drive (SSD) rather than an older hard disk drive (HDD). And increasingly, software is written with those minimum specs in mind.

If your computer is older and has less RAM and a slower HDD, consider adding more RAM and doing a clean install of Windows 10 on an SSD.

This won’t solve the issue of the Antimalware Service Executable using 100% of the CPU, but more RAM and a faster SSD will ensure that anti-malware scans are completed much faster overall. Also, you’ll find that everything from booting your computer to opening and saving files is much faster than before.

While PC upgrades are outside the scope of this tutorial, it’s worth considering as an option – just a couple new (or used!) parts can make an older computer feel like an entirely different machine.

In summary

There are a bunch of reasons why the Antimalware Service Executable/MsMpEng.exe could cause a system to slow down. But usually it’ll only use a lot of the available CPU and memory when it’s scanning for malware.

So really the trick is to speed up the malware scan itself – check for conflicting security software, limit the files and folders it has to scan, or consider upgrading your PC’s hardware.

Did any of these methods work for you? Or did you find something else that solved the issue? Either way, let me know on Twitter.

Read more posts by this author.

If you read this far, tweet to the author to show them you care. Tweet a thanks

Learn to code for free. freeCodeCamp’s open source curriculum has helped more than 40,000 people get jobs as developers. Get started

freeCodeCamp is a donor-supported tax-exempt 501(c)(3) nonprofit organization (United States Federal Tax Identification Number: 82-0779546)

Our mission: to help people learn to code for free. We accomplish this by creating thousands of videos, articles, and interactive coding lessons – all freely available to the public. We also have thousands of freeCodeCamp study groups around the world.

Donations to freeCodeCamp go toward our education initiatives and help pay for servers, services, and staff.

Security researcher Tavis Ormandy, one of Microsoft’s biggest critics, praises Microsoft for its rapid response to a newly discovered security hole

It’s like Pepsi declaring that Coke won a taste test: Google Project Zero security researchers discovered a security hole in Microsoft’s Malware Protection Engine, and two days later the Microsoft Security Response Center not only fixed the bug but also rolled out the update through the usual Windows Defender update mechanism.

The bug in the main Windows Defender program was described in Security Advisory 4022344. Chances are good your Windows computer got the fix last night.

Google Project Zero security researchers Tavis Ormandy and Natalie Silvanovich are credited with discovering the vulnerability. Ormandy tweeted that the security hole was “the worst Windows remote code exec in recent memory… crazy bad.”

After Microsoft’s quick action on the bug, Ormandy—ordinarily one of Microsoft’s biggest critics—was swift to respond. “What an amazing response, thanks so much Simon and MSRC! That was incredible work.”

The praise seems quite justified. The “wormable” hole has been plugged, and everything is now right with Microsoft Endpoint Protection, Forefront Security, Security Essentials, Intune Endpoint Protection, and all versions of Windows Defender, from Windows 7 to 8.1 to RT to Windows 10 versions 1507, 1511, 1607, and 1703.

In short, it was a stunning response to a bad bug (and one more reason why you should not turn off wuauserv, the Windows Update service).

The easiest way to make sure you got the fix is to check the version number for MsMpEng.exe, the Microsoft Malware Protection Engine. You’re looking for engine version 1.1.13704.0 or higher (1.1.13701.0 has the security hole). Here’s how to hunt down the version:

  • In Windows 7, click Start > Run, type Windows Defender, and press Enter. Click the down arrow at the top on the right and choose About Windows Defender. To manually update the engine, click the down arrow, then Check for updates.
  • In Windows 8.1, click Start and in the search box type Windows Defender. Then follow the instructions for Windows 7.
  • In Windows 10, type Windows Defender in the Cortana search box and press Enter. In the upper-right corner, click Settings. Scroll down to the bottom and your Engine version appears under Version info. If you don’t have 1.1.13704.0, go into Windows Update (Start > Settings > Update & security), then click Check for updates. The new Windows Defender update (1.243.10.0 on my 1607 PC) should appear. Wait and make sure Windows installs it.

For technical details about the security hole, read Ormandy and Silvanovich’s article on the Project Zero blog. The problem boils down to a failure of one function in a privileged kernel program to validate the argument being passed to it. As a result, a bad guy can rig nearly anything to trigger remote execution. The flaw digs into Windows using the component of MsMpEng called mpengine:

Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers and cryptors, full system emulators and interpreters for various architectures and languages, and so on. All of this code is accessible to remote attackers.

NScript is the component of mpengine that evaluates any filesystem or network activity that looks like JavaScript. To be clear, this is an unsandboxed and highly privileged JavaScript interpreter that is used to evaluate untrusted code, by default on all modern Windows systems. This is as surprising as it sounds.

Yes, you read that correctly. MsMpEng has a JavaScript interpreter that runs directly in the kernel—and it’s in all versions of Windows. While Microsoft’s solution fixed the immediate problem, it’s pretty clear there’s still a big potential security hole. A few hours ago, Vesselin Bontchev tweeted:

Has anybody examined what Microsoft’s “fix” of the Defender vulnerability is? Did they just resolve the type confusion?

I mean, they probably didn’t suddenly add a sandbox around it or stopped running a JavaScript interpreter in the kernel?

Bottom line: Make sure Windows Defender is up to date on your system. Don’t turn off the Windows Update service. And expect to hear more about the kernel-mode JavaScript interpreter in the future.

Woody Leonhard is a columnist at Computerworld and author of dozens of Windows books, including “Windows 10 All-in-One for Dummies.”

Microsoft Defender antivirus will start to automatically investigate malware infections from February 16.

Liam Tung is a full-time freelance technology journalist who writes for several Australian publications.

Microsoft says it is stepping up security for users of Microsoft Defender for Endpoint by changing a key setting, switching the default from optional automatic malware fixes to fully automatic remediation.

The change means that when Microsoft Defender for Endpoint detects malware on PCs on a network, the antivirus will automatically start analyzing all threats that are related to the alert, poring over files, processes, services, registry keys and all other areas where a threat could reside.

Privacy

  • How tech is a weapon in modern domestic abuse — and how to protect yourself
  • The best browsers for privacy
  • IOC disputes Citizen Lab’s security concerns about Chinese Olympics app
  • iOS 15.2’s App Privacy Report: How to turn it on, and what it all means

“The result of an automated investigation started by an alert is a list of related entities found on a device and their verdicts (malicious, suspicious, or clean),” Microsoft explains on a blogpost.

“For any malicious entity, the investigation will create a remediation action, an action that, when approved, will remove or contain a malicious entity that was found in the investigation. These actions are defined, managed, and executed by Microsoft Defender for Endpoint without the security operations team having to remotely connect to the device.”

The actions taken depend on what level of device automation has been configured. Previously, Microsoft Defender for Endpoint customers that opted into public previews were put on “Semi”, which required approval for any remediation. Soon, they’ll be moved to the “Full” configuration, which allows for Windows 10 to remediate threats automatically.

With the setting at Semi, administrators might have more control, but as Microsoft points out, admins may lose valuable time to halt the malware from causing further damage, such as affecting other PCs.

Microsoft has made some improvements to its automated malware detection since first releasing it. First, it’s boosted malware detection accuracy, so there should be fewer infections and false-positives. Additionally, it’s now got better automated investigation capabilities.

“We have seen thousands of cases where organizations with fully automated tenants have successfully contained and remediated threats, while other companies, left with the default ‘semi’ level, have remained at high risk due to lengthy pending time for approval of actions,” the blog warned.

According to Microsoft, customers using full automation have had “40% more high-confidence malware samples removed than customers using lower levels of automation.”

This should leave security operations centers with more free time to deal with malware threats that require human intervention.

From February 16, 2021, Microsoft will automatically upgrade organizations that opted for public previews in the Microsoft Defender for Endpoint to “Full-remediate threats automatically”.

Do you need free antivirus software for malware protection in your Windows PC? Yes, you do. Here’s what’s worth paying extra for.

While there are lots of reasons to invest in antivirus software, it boils down to this: Antivirus software is an essential tool for identity protection, and there’s just too much personal information on your computer these days to risk not having it. If a cyber criminal or virus makes it through your defenses, it can lead to chaos such as identity theft. This is why anyone with a Windows PC should install antivirus software the moment it’s out of the box — and update it regularly to stay ahead.

But what makes a good antivirus software? And how can you be sure you’re staying ahead of the cyber criminals who always seem to find a savvy workaround to increasingly complicated security measures? Well, first you can acquaint yourself with what sets apart the good from the best. You want a program that includes features like malware protection, that monitors downloads and that observes your system’s activity for malicious software and suspicious behavior. It should also offer a secure browser experience in the process.

If you’re looking for malware protection and antivirus software with the best security features, here’s the first thing you need to know: Microsoft Defender Antivirus — the free antivirus software and virus protection program that comes with Windows 10 — is a decent tool for protecting your PC and offering internet security. (Amazingly, Microsoft provided no built-in protection for Windows back in the days of Windows 95, 98 and XP.) Using Microsoft Defender for threat detection should be your starting point for antivirus security on Windows and most people will find they don’t need to go any further when it comes to identity theft protection.

However, keeping your personal data safe and guarding your privacy extends beyond virus protection, and that’s where third-party antivirus software shines. A full AV software protection package can monitor your Windows operating system as well as MacOS, iOS and Android devices. It could also include a password manager, secure online backup, identity theft protection, a VPN, parental control, webcam protection, protection against phishing and malicious websites and more — all worthwhile tools that can keep your data secure and guard your privacy.

To help you decide on the best antivirus software for your needs, we’ve put together a list of the best antivirus products for Windows 10, encompassing both free antivirus programs and subscription options. These picks of the best antivirus programs are a combination of recommendations from independent third-party labs AV-Test, AV-Comparatives and SE Labs, as well as CNET’s own hands-on testing. We regularly research and test software to determine which product leads the pack, and we update this list periodically based on those tests.

We would also like to note that antivirus software isn’t the only security feature you should invest in. A secure virtual private network to protect your internet traffic, a password manager to keep track of login credentials and an end-to-end encrypted messaging app to stop others from spying on your communications are all essential in protecting your personal information. Cybercriminals are becoming more sophisticated and high-profile attacks like the Columbia Pipeline hack are becoming more commonplace.

Our recommendations

Looking for free antivirus protection, malware protection or virus detection, willing to pay for an antivirus program that offers broad internet security coverage across all your devices, including from ransomware and phishing, or need to remove a computer virus or malware from your PC right now? Here’s where to start when looking for the best antivirus software for your needs.

Best free Windows antivirus

Microsoft Defender

Free version? Yes, free antivirus built into Windows 10

Paid version: Windows Defender Advanced Threat Protection is available to corporate users for a fee

Honestly, if you practice safe computing — you keep your software up to date, you use strong passwords (with the help of a password manager), you steer clear of unexpected emails and you don’t click suspicious links that may be phishing attempts — you probably can avoid zero-day attacks and ransomware attacks. And with the free Microsoft Defender Antivirus software running on Windows 10, you have a malware protection safety net if you do let your guard down. In fact, it is one of the best antivirus software. (Note that Microsoft changed the name of Windows Defender to Microsoft Defender and has expanded the service to other platforms.) This free antivirus program is built into Windows and it’s turned on by default, the antivirus engine does its thing, and this antivirus solution will cover the basics of internet security. Microsoft pushes new updates frequently. Defender also lets you tune the level of protection you want, giving you control over blocking potentially unwanted apps and protecting folders and files from a ransomware attack.

Note that Windows 10 will automatically disable its own Windows Defender antivirus when you install third-party antivirus. If you uninstall the third-party protection, Windows 10 will turn back on its own antivirus.

Windows Defender Firewall is the security guard of your Windows computer. Windows Firewall is a vital application developed by Microsoft and comes with every Windows PC by default. It is the default antivirus protection of your Windows computer. Windows Firewall facilitates filtering of data transmissions across the computer.

Windows Defender provides additional security against ransomware. As we all know, ransomware is a malicious program or software that threatens to destroy or leak a users’s data unless a hefty ransome is paid. As the world is now aware of such threats, companies have all geared up in protecting their products against ransomware attacks. Microsoft has added a controlled folder access in Windows Defender, which users can use to include added protection.

If you enable this feature, then a lot of restrictions in folder access will be imposed. For example, any third party application cannot access your local drive folders, or will ask for your permission if you try to open certain folders and files. If you think, your device contain certain confidential information, then you can surely turn this feature on.

Steps To Check Threat History In Windows Defender On Windows 10

Open Cortana and in the Cortana search box, type Windows Security. From the search results, select Windows Security.

How to see what malware windows defender found on your pc

As Windows Security opens, click on Virus and Threat Protection.

How to see what malware windows defender found on your pc

In the right panel, under Current Threats, you will find Threat History. Click on it.

You will get a brief about the threat history and the scan. To check full history, click on See Full History.

How to see what malware windows defender found on your pc

If there is no threat detected, then you will find No threats in the result.

How to see what malware windows defender found on your pc

About Debaleena

Happiness is that best therapy. Use it to heal yourself and then others!

How to see what malware windows defender found on your pc

2 min read

Last updated June 17, 2020

How to see what malware windows defender found on your pc

Picture this scenario: You log into your computer on any random Thursday, and Windows Defender won’t start. You manually kick it off, and you get the message “Windows Defender is turned off by group policy.”

Could it be that you’re hacked?

Get the Free Pen Testing Active Directory Environments EBook

Attackers know Windows Defender can detect cyberattacks, so as part of their standard playbook they attempt to disable Defender. Sometimes they could use group policy to disable Windows Defender on multiple machines – depending on their level of access – so they can move more easily between several computers on your network. Sometimes they will use a local group policy to disable Defender. There are other methods attackers use to disable Defender, but the group policy method makes it more difficult for the user to re-enable it.

5 Solutions for Windows Defender Turned Off by Group Policy

If you experience or one of your user’s reports this kind of error, you have several options to re-enable Defender. As a security practitioner, you might want to check several of these settings and a few other items (i.e., malware, AD event logs, ) for evidence of tampering.

Solution 1: Using Group Policy

  1. Open Group Policy editor
  2. Select Local Computer Policy -> Administrative Templates -> Windows Components
    How to see what malware windows defender found on your pc
  3. Select Windows Defender and in the right panel and double click the setting “Turn off Windows Defender”
    How to see what malware windows defender found on your pc
  4. “Turn off Windows Defender” should be set to Enable if you can’t run Windows Defender. You want to disable this option. You will need local administrative rights to make this change
    How to see what malware windows defender found on your pc

You should be able to run Windows Defender after you update this GPO.

Solution 2: User Settings

Another option to re-enable Windows Defender is in the Control Panel Settings.

  1. Click the Start button and type Windows Defender, and double click the icon for Windows Defender Security Center – this might be slightly different depending on your version of Windows.
  2. Click Settings, you are looking for a button labeled “Real Time Protection.” Make sure it is on.
    How to see what malware windows defender found on your pc

Solution 3: Using the Command Line

Another solution is to run the following command from PowerShell – make sure to Run As Administrator.

Set-MpPreference -DisableRealtimeMonitoring 0

Solution 4: Using the Registry Editor

Editing the Registry is another possible fix for this issue.

  1. Run ‘regedit’
  2. Navigate through the tree to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.
  3. Delete DisableAntiSpyware in the right pane.
  4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.
  5. Delete DisableRealtimeMonitoring in the right pane.

People report that sometimes the first one works, sometimes the second, sometimes both. Best to delete both to be sure.

Solution 5: Reviewing Conflicting Programs

It is possible that attackers turned off Windows Defender by some other means and not from direct tampering with computer settings. You may have to investigate further to get everything back up and running.

Check for Malware

Malware can turn off Defender and keep it off despite your best efforts to re-enable it. If you aren’t able to turn Defender back on you might be infected. Install and run another malware detector of your choice and see if you can find and remove the infection.

Another option is to do what Varonis ITSec does and reinstall the OS.

Check Third-Party Antivirus Tools

If none of the other solutions work, make sure if you have another anti-virus application installed that it works with Windows Defender. Some anti-virus programs don’t. Some EDR solutions do.

Windows Defender is a good line of defense in a layered security strategy, but it is relatively easy for attackers to work-around. Just as easily as you can turn it on, they can turn it back off.

How to see what malware windows defender found on your pc

Varonis provides monitoring, perimeter telemetry, and advanced data security analytics for detecting intrusions and attackers even when they attempt to hide by turning off Windows Defender. Varonis monitors changes to GPOs and will throw an alert anytime someone changes a GPO. Varonis also detects attackers that connect from new network connections in strange geolocations and attempt to steal or escalate privileges.

Want to see how Varonis protects you from attack? Sign up for a free Live Cyber Attack Workshop right now!

How to see what malware windows defender found on your pc

Jeff Petters

Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual disk drives. Researching and writing about data security is his dream job.

I had compiled a simple hello world program in C with the MinGW compiler using the command line. As it had finished compiling, windows defender popped up and detected a virus (Trojan:Win32/Fuery.C!cl).

I had taken action on this (Removed) as windows defender suggested, but when I compile again the same happened, multiple times.

I had downloaded an AntiVirus (Malwarebytes) and scanned my whole system and it detected some registry key errors, but not this.

I’ve tried compiling C++ files too, but windows defender did not detect any virus there. This only happens when I compile in C.

EDIT: I deleted the path variable of C:/MinGW and added CodeBlock’s MinGW compiler. I then used the command line to compile the same C file again and had uploaded the .exe file to VirusTotal. This time, 0 engines detected. So I have come to the conclusion that, the MinGW compiler that I had installed was creating this problem. https://www.virustotal.com/gui/file/34d383f6c09f897d8c9a44ed0e7850574320e50fdf439eeb1f06705fdcc95386/detection

I don’t know why this happens. Is there a malware in my computer that affects my C programs or is this a false detection?

How to see what malware windows defender found on your pc

7 Answers 7

There is no malware, it is a false positive. The executable generated by your version of MinGW looks very similar to a particular virus.

To avoid the problem, add the directory where you build your code to the list of exclusion in the antivirus.

Also consider using mingw-w64 instead of mingw.org .

A possibility that should be considered is that you already have malware on your computer, and that malware is simply injecting its own code into your created .exe file. Your antivirus software then might detect the harmful code in your new .exe. This is a real possibility when you get that many detections with Virustotal from so many trustworthy providers.

Registry cleaners are often hoaxes. Antivirus software claiming to include registry cleaners are suspicious. What’s the name of the software you used?

Uninstall whatever antivirus software you used and install Malwarebytes. Enable rootkit detection in the settings, run a full scan with that, then a full scan with Windows Defender.

I may have solved my problem.

This is what I did: I removed the PATH Variable of C:\MinGW and added CodeBlock’s MinGW compiler (CodeBlocks/MinGW/bin). I used the command line to compile the same C file, and had uploaded the .exe to VirusTotal. No engines detected this file! https://www.virustotal.com/gui/file/34d383f6c09f897d8c9a44ed0e7850574320e50fdf439eeb1f06705fdcc95386/detection

So I have come to a conclusion that, MinGW was the compiler that was causing this problem. I have removed it.

However, I am not quite sure if this problem is FULLY solved. There is still a possibility of malware affecting my executable (or perhaps not). I cannot be sure.

If anyone has any answers, please comment or answer

How to see what malware windows defender found on your pc

I came across with the same problem, compiler tdm gcc v9.2.

The following compilation triggers a warning (kaspersky).

The following does not

The same code with g++ passes the test with both compilations. The antivirus software does not detect the same virus elsewhere but only in temp.exe (first compilation).

I ran into this after installing MinGW on 01-08-20(dd-mm-yy). For me it was also Windows Defender, the way to – hopefully temporarily- get rid of this is to add an exception for the folder your compilation output will reside in. The Microsoft website states these steps to add an exclusion:

  1. Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection.
  2. Under Virus & threat protection settings, select Manage settings, and then under Exclusions, select Add or remove exclusions

Since you wrote that program and you know it isn’t actually a Trojan, it’s obviously a false positive. You should submit the file to them at https://www.microsoft.com/wdsi/filesubmission so they can figure out why it’s triggering the false positive and fix it. (If it happens with everything you compile, just sending them one will suffice.) In the meantime, you should add an exclusion to Windows Defender for the folder that you compile your executables in.

How to see what malware windows defender found on your pc

Your system is badly infected. Since your system is basically in hands of malware writers at this point, whatever you do with your little .exe is immaterial. You don’t show a minimal example. All you need is a .c file with a single line: int main() <> . You can compile it on another (uninfected) computer, copy it to yours and it’ll immediately become infected. You don’t have control over what gets written to that executable. It so happens that the executable is infected the moment it hits the filesystem. The malware you have does that.

Make a backup of data files that excludes anything executable, then wipe your system, reinstall Windows, install applications from credible sources (fresh downloads from trusted sites), install all Windows updates, run a virus scan of your backup using Windows built-in antimalware solution, then restore the backup. At this point your system is done, and I wouldn’t trust the ability of Malwarebytes to clean it up. It’s most likely to give you a false sense of security and just end up wasting lots of time, and you’ll end up having to wipe everything clean anyway. So why waste time – do it right the first time.

And don’t install any other antivirus or “cleaner” solution – you clearly have no feel for what’s legit, and that’s what got you into this trouble most likely. 99.9% of search results for malware removal and cleaner utilities are themselves either malicious malware or at least junkware that doesn’t help and just extorts payments. If your online behaviors are reasonable, you won’t need any solution other than what Windows includes by default.

An overview of the Windows 10 built-in anti-malware software

How to see what malware windows defender found on your pc

  • Tweet
  • Share
  • Email

Windows Defender is a free program that Microsoft includes with Windows 10. It protects your computer from spyware, viruses, and other malware (i.e., malicious software that harms your device). It used to be called “Microsoft Security Essentials.”

It’s turned on by default when you first start up Windows 10, but Windows Defender can be turned off. One important note is that if you install another antivirus program, you should disable Windows Defender. Antivirus programs don’t like being installed on the same machine and can confuse your computer.

Finding Windows Defender

” data-caption=”” data-expand=”300″ data-tracking-container=”true” />

To learn how to set up and use Windows Defender, you first need to find it. The easiest way is to type “defender” in the search window at the bottom left of the taskbar. The window is next to the Start button.

Main Window

How to see what malware windows defender found on your pc

When Windows Defender opens, you’ll see this screen. The first thing to notice is the color. A yellow bar at the top computer monitor here, along with the exclamation point, is Microsoft’s not-too-subtle way of telling you that you need to take some action. Notice that it ways “PC status: Potentially unprotected” at the top, in case you missed all the other warnings.

In this case, the text tells us that we need to run a scan. Underneath, the check marks tell us that “Real-time protection” is on, meaning that Defender is continuously running and that my virus definitions are “Up to date.” That means Defender has the latest descriptions of viruses loaded and should be able to recognize the latest threats to the computer.

There’s also a Scan now button, to manually kick off a scan, and below that, the details of my last scan, including what kind it was.

To the right are three scan options. Let’s go through them. (Also note that the phrase “Scan options” is only partially visible. This appears to be a glitch in the program, so don’t worry about it.)

  • Quick scan. This checks the areas that malware is most likely to reside. It’s not as thorough as a full scan but is much faster. It’s usually enough to keep you safe.
  • Full scan. This scan checks everything on your hard drive. It’s slow, and can take a long time, but is more likely to find a bit of malware hiding in an unexpected place.
  • Custom scan. You can pick and choose the files and places you want to scan. Leave this alone unless you’re a high-level user.

Update Tab

How to see what malware windows defender found on your pc

What you’ve seen so far is the information in the Home tab, which is where you’ll spend most of your time. The Update tab, next to it, lists the last time your virus and spyware definitions were updated. The only time you need to pay attention to what’s here is when the definitions are old because Defender won’t know what to look for, and newer malware could infect your PC.

History Tab

How to see what malware windows defender found on your pc

The final tab is labeled History. This informs you what malware was found, and what Defender is doing with it. By clicking the View details button, you can see what items are in each of these categories. As with the Update tab, you probably won’t spend much time here, unless you’re tracking down a particular bit of malware.

Scanning.

How to see what malware windows defender found on your pc

Once you press the Scan now button, the scan will start, and you’ll get a progress window showing how much of your computer has been scanned. The information also tells you what type of scan is being done; when you started it; how long it’s been going; and how many items, like files and folders, have been scanned.

Protected PC

How to see what malware windows defender found on your pc

When the scan is finished, you’ll see green. The title bar at the top turns green, and the (now) green monitor has a checkmark in it, letting you know everything’s good. It will also tell you how many items were scanned and whether it found any potential threats. Here, green is good, and Windows Defender is completely up to date.

I don’t know where on disk the files are stored. Fortunately, that doesn’t matter, since you can use Windows Defender itself to manage the contents of the vault. Even better, you probably don’t need to do a thing.

Vault and quarantines

The “vault” is the location where anti-malware

Depending on the specific threat, the anti-malware [malicious software]

There is no standard vault location. Each program sets up and uses its own strategy for managing its vault.

Managing Defender’s results

Double-click on the Windows Defender icon —

— in the taskbar to open the Windows Defender Security Center. Click on virus

How to see what malware windows defender found on your pc

Click on Threat history. This will list current issues and quarantined items if any are present.

How to see what malware windows defender found on your pc

Click on See full history.

How to see what malware windows defender found on your pc

This will list recently discovered issues that have been dealt with. If you’re experiencing false positives, you can also indicate that specific threats are to be allowed (by clicking the down-arrow to the right of an item listed, and then the “Allow” button, not shown).

Manual action not required

One of the phrases to note in the dialog above is “They will be periodically removed” in the quarantine section.

The implication is that you do not need to empty the quarantine yourself; it’ll be handled for you. They only time you really need to visit these settings and history is if you’re curious, or if you’re trying to address a specific problem such as a false positive.

Windows Defender is, for the most part, completely self-sufficient and self-maintaining.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.