W10 Windows Defender Finds Several Threats But History Only Shows One

Hello @v1rrr,
Welcome to TenForums.

For detailed information of the Threats, Copy & Paste the following command [ ALL at once ] into a CMD Prompt and press Enter. As your screenshot shows 49 Threats, I have set the output to show 60 just in case there are more and sorted by ThreatName.

Code:

@echo off
:: Written by Paul Black
PowerShell ^
     $Tot=((Get-MpThreat) ^| Measure-Object).Count; ^
     $List=(Get-MpThreat  ^| Select -First 60 ^| Sort-Object -Property ThreatName ^| Select ^
     @{L=' Threat Name'       ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatName))       {'-'} else {$_.ThreatName}}}, ^
     @{L=' Threat ID'         ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatID))         {'-'} else {$_.ThreatID}}}, ^
     @{L=' Category ID'       ;E={;if([string]::IsNullOrWhiteSpace($_.CategoryID))       {'-'} else {$_.CategoryID}}}, ^
     @{L=' Type ID'           ;E={;if([string]::IsNullOrWhiteSpace($_.TypeID))           {'-'} else {$_.TypeID}}}, ^
     @{L=' Severity ID'       ;E={;if([string]::IsNullOrWhiteSpace($_.SeverityID))       {'-'} else {$_.SeverityID}}}, ^
     @{L=' Did Threat Execute';E={;if([string]::IsNullOrWhiteSpace($_.DidThreatExecute)) {'-'} else {$_.DidThreatExecute}}}, ^
     @{L=' IsActive'          ;E={;if([string]::IsNullOrWhiteSpace($_.IsActive))         {'-'} else {$_.IsActive}}}, ^
     @{L=' Resources'         ;E={;if([string]::IsNullOrWhiteSpace($_.Resources))        {'-'} else {$_.Resources}}}, ^
     @{L=' Schema Version'    ;E={;if([string]::IsNullOrWhiteSpace($_.SchemaVersion))    {'-'} else {$_.SchemaVersion}}}, ^
     @{L=' Rollup Status'     ;E={;if([string]::IsNullOrWhiteSpace($_.RollupStatus))     {'-'} else {$_.RollupStatus}}}, ^
     @{L=' CIM Class'         ;E={;if([string]::IsNullOrWhiteSpace($_.CimClass))         {'-'} else {$_.CimClass}}} ^| ^
Format-List ^| Out-String -Width 1000).Trim("""`r`n"""); ^
     if ($List.Length) {Write-Host """`n --- Antivirus - Microsoft Defender - History of Threats - LAST 60 [if applicable] of [$Tot] - Sorted by [ThreatName] ---`n`n$List"""} else ^
                       {Write-Host """`n --- NO Antivirus - Microsoft Defender - History of Threats Available ---"""; exit 1}
echo. & echo ^>Press ANY key to EXIT . . . & pause >nul & Exit

If you want the Detections, let me know.

I hope this helps.

Hello @v1rrr,

v1rrr said:

Hey I appreciate the help! Trying said command only shows 3 threats and not the full 49 the scan mentioned.

Strange, OK, try this for Detections . . .

Code:

@echo off
:: Written by Paul Black
PowerShell ^
     $Tot=((Get-MpThreatDetection) ^| Measure-Object).Count; ^
     $List=(Get-MpThreatDetection  ^| Select -First 60 ^| Sort-Object -Property InitialDetectionTime -Descending ^| Select ^
     @{L=' Detection ID'                      ;E={;if([string]::IsNullOrWhiteSpace($_.DetectionID))                    {'-'} else {$_.DetectionID.Trim('{}')}}}, ^
     @{L=' Detection Source Type ID'          ;E={;if([string]::IsNullOrWhiteSpace($_.DetectionSourceTypeID))          {'-'} else {$_.DetectionSourceTypeID}}}, ^
     @{L=' Threat ID'                         ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatID))                       {'-'} else {$_.ThreatID}}}, ^
     @{L=' Threat Status ID'                  ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatStatusID))                 {'-'} else {$_.ThreatStatusID}}}, ^
     @{L=' Threat Status Error Code'          ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatStatusErrorCode))          {'-'} else {$_.ThreatStatusErrorCode}}}, ^
     @{L=' Initial Detection Time'            ;E={;if([string]::IsNullOrWhiteSpace($_.InitialDetectionTime))           {'-'} else {$_.InitialDetectionTime}}}, ^
     @{L=' Last Threat Status Change Time'    ;E={;if([string]::IsNullOrWhiteSpace($_.LastThreatStatusChangeTime))     {'-'} else {$_.LastThreatStatusChangeTime}}}, ^
     @{L=' Remediation Time'                  ;E={;if([string]::IsNullOrWhiteSpace($_.RemediationTime))                {'-'} else {$_.RemediationTime}}}, ^
     @{L=' Action Success'                    ;E={;if([string]::IsNullOrWhiteSpace($_.ActionSuccess))                  {'-'} else {$_.ActionSuccess}}}, ^
     @{L=' Cleaning Action ID'                ;E={;if([string]::IsNullOrWhiteSpace($_.CleaningActionID))               {'-'} else {$_.CleaningActionID}}}, ^
     @{L=' Current Threat Execution Status ID';E={;if([string]::IsNullOrWhiteSpace($_.CurrentThreatExecutionStatusID)) {'-'} else {$_.CurrentThreatExecutionStatusID}}}, ^
     @{L=' Additional Actions Bit Mask'       ;E={;if([string]::IsNullOrWhiteSpace($_.AdditionalActionsBitMask))       {'-'} else {$_.AdditionalActionsBitMask}}}, ^
     @{L=' AM Product Version'                ;E={;if([string]::IsNullOrWhiteSpace($_.AMProductVersion))               {'-'} else {$_.AMProductVersion}}}, ^
     @{L=' Domain User'                       ;E={;if([string]::IsNullOrWhiteSpace($_.DomainUser))                     {'-'} else {$_.DomainUser}}}, ^
     @{L=' Process Name'                      ;E={;if([string]::IsNullOrWhiteSpace($_.ProcessName))                    {'-'} else {$_.ProcessName}}}, ^
     @{L=' Resources'                         ;E={;if([string]::IsNullOrWhiteSpace($_.Resources))                      {'-'} else {$_.Resources}}}, ^
     @{L=' CIM Class'                         ;E={;if([string]::IsNullOrWhiteSpace($_.CimClass))                       {'-'} else {$_.CimClass}}} ^| ^
Format-List ^| Out-String -Width 166).Trim("""`r`n"""); ^
     if ($List.Length) {Write-Host """`n --- Antivirus - Microsoft Defender - Active and Past Malware Detections - LAST 60 [if applicable] of [$Tot] - Sorted by [InitialDetectionTime -Descending] ---`n`n$List"""} else ^
                       {Write-Host """`n --- NO Antivirus - Microsoft Defender - Active and Past Malware Detections Available ---"""; exit 1}
echo. & echo ^>Press ANY key to EXIT . . . & pause >nul & Exit

I hope this helps.