Skip to main content

Clear Defender scan (protection) history

Overview

About this script

This script improves your privacy on Windows.

These changes use Windows system commands to update your settings.

This script deletes the scan history kept by Microsoft Defender on your computer. Microsoft Defender logs detected threats but also gathers and stores data about various other files it scans 1 2. While removing this history enhances your privacy, it might decrease security, as these logs assist in monitoring threats. By eliminating traces of your system's files, activities and any threats detected, you ensure no residual data can be utilized to study or analyze your computer's activities, thus protecting your privacy.

Defender keeps a log of various details whenever it scans your computer for threats. This includes 3 4:

  • Time: The moment the threat was discovered.
  • Threat Status: The action carried out against the threat.
  • Virus Type: The type or category of the virus.
  • Threat ID: A unique identifier for the threat.
  • Virus Name: The name of the virus.
  • File Path: The location of the threat on your computer.
  • File Hash: A unique code representing the file.
  • Quarantine File Name (GUID): The name given to the quarantined threat.
  • File Size: The size of the file.

When you first set up Windows, it conducts an initial scan 1. This scan identifies system files that won't require future scans 1. These 'safe' files are saved in a unique folder, which becomes a part of the scan history 1.

If a threat is recognized, Microsoft Defender will notify you 4. Regardless of whether you choose to run the file or not, a DetectionHistory file is created 2. This file is stored in a specific folder (%ProgramData%\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\[numbered folder]\), and it contains a system-generated ID for the event 2.

Caution

Deleting these logs may decrease your security. These logs help in keeping track of potential threats and their sources, allowing for a more proactive response in future encounters. Without this history, Microsoft Defender might not recognize recurring threats allowing for a more proactive response in future encounters. Without this history, Microsoft Defender might not recognize recurring threats as quickly, possibly leaving your system more vulnerable. It's essential to understand that you're making a trade-off between enhanced as quickly, possibly leaving your system more vulnerable. It's essential to understand that you're making a trade-off between enhanced privacy and potentially reduced security. privacy and potentially reduced security.

This script uses Batch (batchfile) scripting language.

Not Advised

This script should only be used by advanced users. This script is not recommended for daily use as it breaks important functionality. Do not run it without having backups and system snapshots.

Implementation Details
  • Language: batch

  • Required Privileges: Administrator rights

  • Compatibility: Windows only

  • Reversibility: Some changes may be permanent

Explore Categories

This action belongs to Clear Windows log and caches category. This category configures Windows using 23 scripts. These scripts are organized in 2 categories. The category includes 4 subscripts and 1 subcategories that include more scripts and categories. Read more on category page ▶

Apply now

Choose one of three ways to apply:

  1. Automatically via privacy.sexy: The easiest and safest option.
  2. Manually by downloading: Requires downloading a file.
  3. Manually by copying: Advanced flexibility.

Alternative 1. Apply with Privacy.sexy

privacy.sexy is free and open-source application that lets securely apply this action easily.

Open privacy.sexy

privacy.sexy instructions
  1. Open or download the desktop application
  2. Search for the script name: Clear Defender scan (protection) history.
  3. Check the script by clicking on the checkbox.
  4. Click on Run button at the bottom of the page.

Alternative 2. Download

Reversible

This script is reversible, you can restore your changes to the initial/default state. The restore/revert methods provided here can help you fix issues.

If something goes wrong, use the Revert script provided above.

  1. Download the script file by clicking on the button below:

    Download script

  2. Run the script file by clicking on it.

Alternative 3. Copy

This is for advanced users. Consider automatically applying or downloading the script for simpler way.

  1. Open Command Prompt as administrator.
HELP: Step-by-step guide
  1. Click on Start menu

  2. Type cmd

  3. Right click on Command Prompt select Run as administrator

  4. Click on Yes to run Command Prompt


Animation showing how to open terminal as administrator on Windows 11

  1. Copy the following code:
Code to apply changes
:: Clear directory contents (with additional permissions) : "%ProgramData%\Microsoft\Windows Defender\Scans\History"
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""$($directoryGlob = '%ProgramData%\Microsoft\Windows Defender\Scans\History'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { "^""$($directoryGlob)*"^"" } else { "^""$($directoryGlob)\*"^"" } )"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; <# Not using `Get-Acl`/`Set-Acl` to avoid adjusting token privileges #>; $parentDirectory = [System.IO.Path]::GetDirectoryName($expandedPath); $fileName = [System.IO.Path]::GetFileName($expandedPath); if ($parentDirectory -like '*[*?]*') { throw "^""Unable to grant permissions to glob path parent directory: `"^""$parentDirectory`"^"", wildcards in parent directory are not supported by ``takeown`` and ``icacls``."^""; }; if (($fileName -ne '*') -and ($fileName -like '*[*?]*')) { throw "^""Unable to grant permissions to glob path file name: `"^""$fileName`"^"", wildcards in file name is not supported by ``takeown`` and ``icacls``."^""; }; Write-Host "^""Taking ownership of `"^""$expandedPath`"^""."^""; $cmdPath = $expandedPath; if ($cmdPath.EndsWith('\')) { $cmdPath += '\' <# Escape trailing backslash for correct handling in batch commands #>; }; $takeOwnershipCommand = "^""takeown /f `"^""$cmdPath`"^"" /a"^"" <# `icacls /setowner` does not succeed, so use `takeown` instead. #>; if (-not (Test-Path -Path "^""$expandedPath"^"" -PathType Leaf)) { $localizedYes = 'Y' <# Default 'Yes' flag (fallback) #>; try { $choiceOutput = cmd /c "^""choice <nul 2>nul"^""; if ($choiceOutput -and $choiceOutput.Length -ge 2) { $localizedYes = $choiceOutput[1]; } else { Write-Warning "^""Failed to determine localized 'Yes' character. Output: `"^""$choiceOutput`"^"""^""; }; } catch { Write-Warning "^""Failed to determine localized 'Yes' character. Error: $_"^""; }; $takeOwnershipCommand += "^"" /r /d $localizedYes"^""; }; $takeOwnershipOutput = cmd /c "^""$takeOwnershipCommand 2>&1"^"" <# `stderr` message is misleading, e.g. "^""ERROR: The system cannot find the file specified."^"" is not an error. #>; if ($LASTEXITCODE -eq 0) { Write-Host "^""Successfully took ownership of `"^""$expandedPath`"^"" (using ``$takeOwnershipCommand``)."^""; } else { Write-Host "^""Did not take ownership of `"^""$expandedPath`"^"" using ``$takeOwnershipCommand``, status code: $LASTEXITCODE, message: $takeOwnershipOutput."^""; <# Do not write as error or warning, because this can be due to missing path, it's handled in next command. #>; <# `takeown` exits with status code `1`, making it hard to handle missing path here. #>; }; Write-Host "^""Granting permissions for `"^""$expandedPath`"^""."^""; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminAccountName = $adminAccount.Value; $grantPermissionsCommand = "^""icacls `"^""$cmdPath`"^"" /grant `"^""$($adminAccountName):F`"^"" /t"^""; $icaclsOutput = cmd /c "^""$grantPermissionsCommand"^""; if ($LASTEXITCODE -eq 3) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } elseif ($LASTEXITCODE -ne 0) { Write-Host "^""Take ownership message:`n$takeOwnershipOutput"^""; Write-Host "^""Grant permissions:`n$icaclsOutput"^""; Write-Warning "^""Failed to assign permissions for `"^""$expandedPath`"^"" using ``$grantPermissionsCommand``, status code: $LASTEXITCODE."^""; } else { $fileStats = $icaclsOutput | ForEach-Object { $_ -match '\d+' | Out-Null; $matches[0] } | Where-Object { $_ -ne $null } | ForEach-Object { [int]$_ }; if ($fileStats.Count -gt 0 -and ($fileStats | ForEach-Object { $_ -eq 0 } | Where-Object { $_ -eq $false }).Count -eq 0) { Write-Host "^""Skipping, no items available for deletion according to: ``$grantPermissionsCommand``."^""; exit 0; } else { Write-Host "^""Successfully granted permissions for `"^""$expandedPath`"^"" (using ``$grantPermissionsCommand``)."^""; }; }; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try { $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host "^""Successfully deleted: $($path) (already deleted)."^""; $deletedCount++; continue; }; try { Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host "^""Successfully deleted: $($path)"^""; } catch { $failedCount++; Write-Warning "^""Unable to delete $($path): $_"^""; }; }; Write-Host "^""Successfully deleted $($deletedCount) items."^""; if ($failedCount -gt 0) { Write-Warning "^""Failed to delete $($failedCount) items."^""; }"
  1. Right click on command prompt to paste it.
  2. Press Enter to apply remaining code.

Support

This website relies on your support.

Support now

Your donation helps keep the project alive and improves its content ❤️.

Share this page: