What actions is Defender allowing you?
Denis
As mentioned quarantine, clean, remove, and allow. The first three don't work because the file was on a CD.
Download the "Everything" app from voidtools... it's free.
Type in details of what you are searching for... then click on "Open Path".
If found you can then delete it.
???
I'm not trying to delete any file. There is no file on the computer; there never was. It was only on the CD (and it is destroyed now).
The reason that alert is stuck is because it's not possible to remove or modify a file that is on a CD, meaning defender does nothing about it.
So far the only options are to either allow that malware type and forever keep it allowed... or nuke windows.
Ah, now I understand your concern.
I have never understood it properly either.
If I allow that threat, am I allowing that specific threat in that specific file in that specific location?
or
If I allow that threat, am I allowing that specific threat anywhere it might raise its ugly head in the future?
I don't think I have any notes about that. I'll check and get back to you.
I immediately stumbled across this answer to your original question.
How to clear Windows Defender Protection History in Windows 11/10 - TWC
and then I found this
Reset Windows Security - TenForumsTutorials
All the best,
Denis
Yea, I don't want random threats to be allowed for no good reason.
I had already tried that reset option and it does nothing.
Windows Defender is defaulted to scan its own "Scans/History", resulting in the discovery of the malware over and over again, even though other scanners see no evidence of the malware on the PC and the machine scans clean using other tools.
You can clear scan history:
http://web.archive.org/web/202110230...d-c6059c8e0828
If you cannot see the information for some reason, here it is.
Note
Until Microsoft sees fit to fix this problem, you can prevent the repeating error indication, by deleting the
items that are described in Windows Defender Protection History. You can delete them by accessing their files,
that are located in C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service.
In the "Service" folder, find and delete "Detection History".
Note: ProgramData is a hidden file. In order to access it, the "Hidden Items" option in "File Explorer" must be
checked. Find the "Hidden Items" check box under the "View Tab".
And, the first time that you access "Scans", you must select "continue", to obtain the permission.
Restart and try another scan. Notifications for the current malware should stop.
Or you can run a member-created script to clear it. You can get that from the link here:
Clear Windows Security Center (Defender) Protection History
That method doesn't work for me because the files are owned by System and for some reason I cannot even take ownership. The script didn't work either.
However, the post right below the one you linked to in that tenforums thread partially pointed me in the right direction.
By booting into command mode the ownership issue is not a problem. I followed the instructions but it still didn't work.
Turns out it was incomplete. The del *.* command only deletes the files and not folders, and the main culprit for the detection alerts is the content of the DetectionHistory folder.
I deleted it with the rmdir /s command and the stupid alerts are gone.
So much unnecessary runaround and waste of time for something that should've been implemented as a simple "Dismiss alert" button in the defender UI.
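An added example, not part of the original thread: the difference between `del *.*` and `rmdir /s` described in the post above, reproduced on a constructed mock folder tree under %TEMP% so the real Defender folders are not touched. The mock path and file names are assumptions made up for the demonstration.

```batch
@echo off
setlocal
rem Constructed mock of a ...\Scans\History\Service folder, built under %TEMP%.
rem All file and folder names created here are sample data, not Defender's own.
set "ROOT=%TEMP%\mock_defender"
set "MOCK=%ROOT%\Scans\History\Service"
if exist "%ROOT%" rmdir /s /q "%ROOT%"
mkdir "%MOCK%\DetectionHistory\01"
echo sample> "%MOCK%\History.Log"
echo sample> "%MOCK%\DetectionHistory\01\CONSTRUCTED-ENTRY"

rem Step 1: del removes only the files directly inside the folder.
rem Subfolders and everything below them are left in place.
del /q "%MOCK%\*.*"
if exist "%MOCK%\History.Log" (echo del: top-level file still present) else (echo del: top-level file removed)
if exist "%MOCK%\DetectionHistory\01\CONSTRUCTED-ENTRY" (echo del: DetectionHistory entry still present) else (echo del: DetectionHistory entry removed)

rem Step 2: rmdir /s removes the folder together with all of its contents.
rmdir /s /q "%MOCK%\DetectionHistory"
if exist "%MOCK%\DetectionHistory" (echo rmdir: DetectionHistory still present) else (echo rmdir: DetectionHistory removed)

rem Clean up the mock tree.
rmdir /s /q "%ROOT%"
endlocal
```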
@eddman
Thanks for the rep. At least you figured it out. Just for information:
I don't take ownership of system files (ever)
I just use apps that can bypass permissions like Dism++ or Q-Dir Portable. Dism++ is easier to use. Q-Dir must be run as admin then system privileges must be enabled from a drop down menu.
Here's Dism++ File Explorer component. I can access and delete files - no problem.
Download Dism++ - MajorGeeks
However, don't mess about with it too much because it's easy to screw things up if using the other components without understanding how or why they should be used.
That permission box doesn't appear for me.
"I don't take ownership of system files (ever)"
I take ownership, do whatever it is I need to do, and then revert it to System. It has never caused problems.
"I just use apps that can bypass permissions like Dism++ or Q-Dir Portable. Dism++ is easier to use."
These don't work for me; running as admin doesn't help.