W10 Windows Defender Finds Several Threats But History Only Shows One


  1. Posts : 2
    Windows 10
       #1

    W10 Windows Defender Finds Several Threats But History Only Shows One


    System: Windows 10
    Antimalware Client Version: 4.18.2301.6
    Engine Version: 1.1.20000.2
    Antivirus Version: 1.383.608.0
    Antispyware Version: 1.383.608.0

    After doing a full scan on my system several threats are found.
    When checking the protection history only 1 threat is displayed.
    Is there any reason threats would be "hidden"? And if so how would I go about making them visible?

    W10 Windows Defender Finds Several Threats But History Only Shows One-5ha0.jpg

    W10 Windows Defender Finds Several Threats But History Only Shows One-8g7b.jpg
      My Computer


  2. Posts : 18,044
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #2

    Hello @v1rrr,
    Welcome to TenForums.

    For detailed information of the Threats, Copy & Paste the following command [ ALL at once ] into a CMD Prompt and press Enter. As your screenshot shows 49 Threats, I have set the output to show 60 just in case there are more and sorted by ThreatName.

    Code:
    
    @echo off
    :: Written by Paul Black
    PowerShell ^
         $Tot=((Get-MpThreat) ^| Measure-Object).Count; ^
         $List=(Get-MpThreat  ^| Select -First 60 ^| Sort-Object -Property ThreatName ^| Select ^
         @{L=' Threat Name'       ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatName))       {'-'} else {$_.ThreatName}}}, ^
         @{L=' Threat ID'         ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatID))         {'-'} else {$_.ThreatID}}}, ^
         @{L=' Category ID'       ;E={;if([string]::IsNullOrWhiteSpace($_.CategoryID))       {'-'} else {$_.CategoryID}}}, ^
         @{L=' Type ID'           ;E={;if([string]::IsNullOrWhiteSpace($_.TypeID))           {'-'} else {$_.TypeID}}}, ^
         @{L=' Severity ID'       ;E={;if([string]::IsNullOrWhiteSpace($_.SeverityID))       {'-'} else {$_.SeverityID}}}, ^
         @{L=' Did Threat Execute';E={;if([string]::IsNullOrWhiteSpace($_.DidThreatExecute)) {'-'} else {$_.DidThreatExecute}}}, ^
         @{L=' IsActive'          ;E={;if([string]::IsNullOrWhiteSpace($_.IsActive))         {'-'} else {$_.IsActive}}}, ^
         @{L=' Resources'         ;E={;if([string]::IsNullOrWhiteSpace($_.Resources))        {'-'} else {$_.Resources}}}, ^
         @{L=' Schema Version'    ;E={;if([string]::IsNullOrWhiteSpace($_.SchemaVersion))    {'-'} else {$_.SchemaVersion}}}, ^
         @{L=' Rollup Status'     ;E={;if([string]::IsNullOrWhiteSpace($_.RollupStatus))     {'-'} else {$_.RollupStatus}}}, ^
         @{L=' CIM Class'         ;E={;if([string]::IsNullOrWhiteSpace($_.CimClass))         {'-'} else {$_.CimClass}}} ^| ^
    Format-List ^| Out-String -Width 1000).Trim("""`r`n"""); ^
         if ($List.Length) {Write-Host """`n --- Antivirus - Microsoft Defender - History of Threats - LAST 60 [if applicable] of [$Tot] - Sorted by [ThreatName] ---`n`n$List"""} else ^
                           {Write-Host """`n --- NO Antivirus - Microsoft Defender - History of Threats Available ---"""; exit 1}
    echo. & echo ^>Press ANY key to EXIT . . . & pause >nul & Exit
    

    If you want the Detections, let me know.

    I hope this helps.
      My Computer


  3. Posts : 2
    Windows 10
    Thread Starter
       #3

    Paul Black said:
    Hello @v1rrr,
    Welcome to TenForums.

    For detailed information of the Threats, Copy & Paste the following command [ ALL at once ] into a CMD Prompt and press Enter. As your screenshot shows 49 Threats, I have set the output to show 60 just in case there are more and sorted by ThreatName.

    Code:
    
    @echo off
    :: Written by Paul Black
    PowerShell ^
         $Tot=((Get-MpThreat) ^| Measure-Object).Count; ^
         $List=(Get-MpThreat  ^| Select -First 60 ^| Sort-Object -Property ThreatName ^| Select ^
         @{L=' Threat Name'       ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatName))       {'-'} else {$_.ThreatName}}}, ^
         @{L=' Threat ID'         ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatID))         {'-'} else {$_.ThreatID}}}, ^
         @{L=' Category ID'       ;E={;if([string]::IsNullOrWhiteSpace($_.CategoryID))       {'-'} else {$_.CategoryID}}}, ^
         @{L=' Type ID'           ;E={;if([string]::IsNullOrWhiteSpace($_.TypeID))           {'-'} else {$_.TypeID}}}, ^
         @{L=' Severity ID'       ;E={;if([string]::IsNullOrWhiteSpace($_.SeverityID))       {'-'} else {$_.SeverityID}}}, ^
         @{L=' Did Threat Execute';E={;if([string]::IsNullOrWhiteSpace($_.DidThreatExecute)) {'-'} else {$_.DidThreatExecute}}}, ^
         @{L=' IsActive'          ;E={;if([string]::IsNullOrWhiteSpace($_.IsActive))         {'-'} else {$_.IsActive}}}, ^
         @{L=' Resources'         ;E={;if([string]::IsNullOrWhiteSpace($_.Resources))        {'-'} else {$_.Resources}}}, ^
         @{L=' Schema Version'    ;E={;if([string]::IsNullOrWhiteSpace($_.SchemaVersion))    {'-'} else {$_.SchemaVersion}}}, ^
         @{L=' Rollup Status'     ;E={;if([string]::IsNullOrWhiteSpace($_.RollupStatus))     {'-'} else {$_.RollupStatus}}}, ^
         @{L=' CIM Class'         ;E={;if([string]::IsNullOrWhiteSpace($_.CimClass))         {'-'} else {$_.CimClass}}} ^| ^
    Format-List ^| Out-String -Width 1000).Trim("""`r`n"""); ^
         if ($List.Length) {Write-Host """`n --- Antivirus - Microsoft Defender - History of Threats - LAST 60 [if applicable] of [$Tot] - Sorted by [ThreatName] ---`n`n$List"""} else ^
                           {Write-Host """`n --- NO Antivirus - Microsoft Defender - History of Threats Available ---"""; exit 1}
    echo. & echo ^>Press ANY key to EXIT . . . & pause >nul & Exit
    

    I hope this helps.
    Hey I appreciate the help! Trying said command only shows 3 threats and not the full 49 the scan mentioned.W10 Windows Defender Finds Several Threats But History Only Shows One-epbb.jpg
      My Computer


  4. Posts : 18,044
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #4

    Hello @v1rrr,

    v1rrr said:
    Hey I appreciate the help! Trying said command only shows 3 threats and not the full 49 the scan mentioned.
    W10 Windows Defender Finds Several Threats But History Only Shows One-epbb.jpg
    Strange, OK, try this for Detections . . .

    Code:
    
    @echo off
    :: Written by Paul Black
    PowerShell ^
         $Tot=((Get-MpThreatDetection) ^| Measure-Object).Count; ^
         $List=(Get-MpThreatDetection  ^| Select -First 60 ^| Sort-Object -Property InitialDetectionTime -Descending ^| Select ^
         @{L=' Detection ID'                      ;E={;if([string]::IsNullOrWhiteSpace($_.DetectionID))                    {'-'} else {$_.DetectionID.Trim('{}')}}}, ^
         @{L=' Detection Source Type ID'          ;E={;if([string]::IsNullOrWhiteSpace($_.DetectionSourceTypeID))          {'-'} else {$_.DetectionSourceTypeID}}}, ^
         @{L=' Threat ID'                         ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatID))                       {'-'} else {$_.ThreatID}}}, ^
         @{L=' Threat Status ID'                  ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatStatusID))                 {'-'} else {$_.ThreatStatusID}}}, ^
         @{L=' Threat Status Error Code'          ;E={;if([string]::IsNullOrWhiteSpace($_.ThreatStatusErrorCode))          {'-'} else {$_.ThreatStatusErrorCode}}}, ^
         @{L=' Initial Detection Time'            ;E={;if([string]::IsNullOrWhiteSpace($_.InitialDetectionTime))           {'-'} else {$_.InitialDetectionTime}}}, ^
         @{L=' Last Threat Status Change Time'    ;E={;if([string]::IsNullOrWhiteSpace($_.LastThreatStatusChangeTime))     {'-'} else {$_.LastThreatStatusChangeTime}}}, ^
         @{L=' Remediation Time'                  ;E={;if([string]::IsNullOrWhiteSpace($_.RemediationTime))                {'-'} else {$_.RemediationTime}}}, ^
         @{L=' Action Success'                    ;E={;if([string]::IsNullOrWhiteSpace($_.ActionSuccess))                  {'-'} else {$_.ActionSuccess}}}, ^
         @{L=' Cleaning Action ID'                ;E={;if([string]::IsNullOrWhiteSpace($_.CleaningActionID))               {'-'} else {$_.CleaningActionID}}}, ^
         @{L=' Current Threat Execution Status ID';E={;if([string]::IsNullOrWhiteSpace($_.CurrentThreatExecutionStatusID)) {'-'} else {$_.CurrentThreatExecutionStatusID}}}, ^
         @{L=' Additional Actions Bit Mask'       ;E={;if([string]::IsNullOrWhiteSpace($_.AdditionalActionsBitMask))       {'-'} else {$_.AdditionalActionsBitMask}}}, ^
         @{L=' AM Product Version'                ;E={;if([string]::IsNullOrWhiteSpace($_.AMProductVersion))               {'-'} else {$_.AMProductVersion}}}, ^
         @{L=' Domain User'                       ;E={;if([string]::IsNullOrWhiteSpace($_.DomainUser))                     {'-'} else {$_.DomainUser}}}, ^
         @{L=' Process Name'                      ;E={;if([string]::IsNullOrWhiteSpace($_.ProcessName))                    {'-'} else {$_.ProcessName}}}, ^
         @{L=' Resources'                         ;E={;if([string]::IsNullOrWhiteSpace($_.Resources))                      {'-'} else {$_.Resources}}}, ^
         @{L=' CIM Class'                         ;E={;if([string]::IsNullOrWhiteSpace($_.CimClass))                       {'-'} else {$_.CimClass}}} ^| ^
    Format-List ^| Out-String -Width 166).Trim("""`r`n"""); ^
         if ($List.Length) {Write-Host """`n --- Antivirus - Microsoft Defender - Active and Past Malware Detections - LAST 60 [if applicable] of [$Tot] - Sorted by [InitialDetectionTime -Descending] ---`n`n$List"""} else ^
                           {Write-Host """`n --- NO Antivirus - Microsoft Defender - Active and Past Malware Detections Available ---"""; exit 1}
    echo. & echo ^>Press ANY key to EXIT . . . & pause >nul & Exit
    
    

    I hope this helps.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:08.
Find Us




Windows 10 Forums