Is it okay to clear the MS Defender Logs?

Fabler2 · 20 May 2022

Nope, not in Win 10 either

Is it okay to clear the MS Defender Logs?-2022-05-20-15_41_31-windows-security.png

Alainikus · 20 May 2022

WXC said:

Just curious, so I searched for C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service, and no items matched my search on my old PC.

Isn't that strange?

I do use Windows security, although it has never detected a threat, I'm surprised that I don't have this entry.

...I guess the old adage 'No news is good news' applies for me here.

Interesting... I wonder if it's the same on a fresh Windows 10 VM...

- - - Updated - - -

Fabler2 said:

Nope, not in Win 10 either

That's weird...

Callender · 20 May 2022

You have to unhide it.

https://answers.microsoft.com/en-us/...d-c6059c8e0828

Fabler2 · 20 May 2022

[QUOTE=Callender;2425918]You have to unhide it.

I always run with 'show hidden files....'.
I've even turned off Tamper protection lol. As long as it works for the OP then that's all that counts. I don't really care if it doesn't work on my laptops.

Callender · 20 May 2022

Those logs can be cleared if using winapp2.ini and a system cleaner that supports it.

[Windows Defender *]
LangSecRef=3024
Detect=HKLM\Software\Microsoft\Windows Defender
FileKey1=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt;NisLog.txt.bak
FileKey2=%CommonAppData%\Microsoft\Windows Defender\Scans\BackupStore|*.*|RECURSE
FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans\History\CacheManager|*.*|RECURSE
FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log
FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Store|*.*
FileKey6=%CommonAppData%\Microsoft\Windows Defender\Scans\MetaStore|*.*|RECURSE
FileKey7=%CommonAppData%\Microsoft\Windows Defender\Scans\RtSigs\Data|*.*|RECURSE
FileKey8=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE

Maybe you cleaned logs without knowing?

Anyway you're not supposed to get access:

Is it okay to clear the MS Defender Logs?-c__programdata_microsoft_windows-defender.png

I just use third party tools to bypass permissions without changing ownership.

Is it okay to clear the MS Defender Logs?-q-dir-9.41-admin.png

Is it okay to clear the MS Defender Logs?-q-dir-9.41-admin-3.png

Just an FYI for those who can't see it. (I mean can't see it when it is present)

If not present - no worries.

Callender · 20 May 2022

Also I'm guessing that "Detection History" might not exist in a VM until there has actually been something to detect.

So I suppose download the Eicar file and if detected check again for the folder and contents.

WXC · 20 May 2022

Callender said:

You have to unhide it.

https://answers.microsoft.com/en-us/...d-c6059c8e0828

Fabler2 said:

I always run with 'show hidden files....'.
I've even turned off Tamper protection lol. As long as it works for the OP then that's all that counts. I don't really care if it doesn't work on my laptops.

Thank you, guys.

Curiosity satisfied, I found it. But I'm not going to clear, as I don't think they're bothering anything.

Much appreciated.