New
#11
[QUOTE=Callender;2425918]You have to unhide it.
I always run with 'show hidden files....'.
I've even turned off Tamper protection lol. As long as it works for the OP then that's all that counts. I don't really care if it doesn't work on my laptops.
Those logs can be cleared if using winapp2.ini and a system cleaner that supports it.
[Windows Defender *]
LangSecRef=3024
Detect=HKLM\Software\Microsoft\Windows Defender
FileKey1=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt;NisLog.txt.bak
FileKey2=%CommonAppData%\Microsoft\Windows Defender\Scans\BackupStore|*.*|RECURSE
FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans\History\CacheManager|*.*|RECURSE
FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log
FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Store|*.*
FileKey6=%CommonAppData%\Microsoft\Windows Defender\Scans\MetaStore|*.*|RECURSE
FileKey7=%CommonAppData%\Microsoft\Windows Defender\Scans\RtSigs\Data|*.*|RECURSE
FileKey8=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE
Maybe you cleaned logs without knowing?
Anyway you're not supposed to get access:
I just use third party tools to bypass permissions without changing ownership.
Just an FYI for those who can't see it. (I mean can't see it when it is present)
If not present - no worries.
Also I'm guessing that "Detection History" might not exist in a VM until there has actually been something to detect.
So I suppose download the Eicar file and if detected check again for the folder and contents.