Windows Defender History


  1. Posts : 289
    Win 10 PRO 64 Bit
       #1

    Windows Defender History


    Just a little while ago Defender reported it detected something severe.
    I should have noted the file and location, but in my haste I did not.
    I asked Defender to remove the offending file.
    When I saw it classed it as severe I just started running scans.

    Malwarebytes (free edition), and a Windows quick scan found nothing.
    A few minutes later same thing. This time I downloaded the latest MS Security Scanner It found nada.
    I was hoping there was a history log so could look back at what the file name and location was, but cannot find any place to view that.
    I did follow Brink's method of going to view protection, but it shows no recent actions, and I do not see any filter option on my screen to open a log file.

    Any thoughts ?
    Windows 10 20H2 19042.964
      My Computer


  2. Posts : 475
    Windows 10
       #2

    Windows Defender, view the log at C:\ProgramData\Microsoft\Windows Defender\Support

    MS Safety Scanner, view the log at %SYSTEMROOT%\debug\msert.log.
      My Computer


  3. Posts : 289
    Win 10 PRO 64 Bit
    Thread Starter
       #3

    Jmatt first thanks for responding.

    I looked at the first item you posted, and I will admit that's quite a log that I did not completely understand all that was transpiring.
    Knowing the date I managed to scroll down to that area. I noticed "all sorts of commotion" going on and tried to decipher.
    The problem looks like it was a trojan:html/pish.gb!

    I could see references to 2 different times that windows had issues with at least 4 different .jpg files that were first quarantined then next removed. That agrees with the 2 different times that I saw the screen notice pop up.

    Each day I look at quite a few E-Bay photos for purchasing reasons, and I'm thinking maybe a trojan could hitch a ride to my computer via that route ?
    Since then running as many scans as I could think of it's all clear, however I'm going to do a full system scan just to be sure.

    It was quite interesting to see the Windows 10 resources mobilized to get hold of the problem(s)

    Thanks again for the information
      My Computer

  4. Paul Black's Avatar
    Posts : 13,043
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #4

    Hello @smalltown,

    Just in case you wanted to output the current Quarantined Items to a Desktop file, type [ Or Copy & Paste ] this command in a CMD Prompt and press <Enter> . . .

    Code:
    
    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -ListAll > %UserProfile%\Desktop\Defend_Q.log

    It will output a Defend_Q.log on the Desktop.

    I hope this helps.
      My Computer


  5. Posts : 475
    Windows 10
       #5

    "I'm going to do a full system scan just to be sure."
    I would also run this.

    Run ESET Online Scanner. Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
    Free Virus Scan | Online Virus Scan from ESET | ESET
    [KB2921] Install and run ESET Online Scanner version 3
    Overview | ESET Online Scanner | ESET Online Help
    [url=https://support.eset.com/en/kb2921-install-and-run-eset-online-scanner#advancedsettings][KB2921] Install and run
    Last edited by jmatt; 03 May 2021 at 19:57.
      My Computer


  6. Posts : 289
    Win 10 PRO 64 Bit
    Thread Starter
       #6

    jmatt I Downloaded and installed the ESET program. I did not see any advanced options. Maybe you are using a paid version?
    That said I ran the program, and ticked that it should remove any problems it found. It did indicate that it has issues with three items.
    Tried to attach the file, but the screen only shows me the files I had previously uploaded so I cut and pasted.


    5/3/2021 11:39:02 AM
    Files scanned: 546151
    Detected files: 3
    Cleaned files: 3
    Total scan time 02:17:48
    Scan status: Finished

    C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe a variant of Win32/YTDDownloader.H potentially unwanted application cleaned by deleting

    H:\MEDIA\Downloads\HP Officejet Pro 6830 e-All-in-One Printer series Full Feature Software and Drivers - OJ6830_73.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting

    H:\OJ6830_73.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
      My Computer


  7. Posts : 475
    Windows 10
       #7

    "I did not see any advanced options"
    Thanks, I've edited my info.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:18.
Find Us




Windows 10 Forums