Windows Security Protection History is an essential feature in Windows operating systems, especially for tracking detected threats and ensuring system safety.
By default, Windows Security Protection History is permanently saved. Under normal circumstances, the number of entries in the protection history should be minimal unless a genuine threat is detected. However, in certain situations, such as during software development, accessing restricted resources and devices can trigger numerous warnings and false positives. This can obscure genuine threat events. Therefore, clearing the history after false positives occur is often necessary.
Steps to Clean Windows Security Protection History
1. Configure Group Policy to Clear Protection History Automatically
The Local Group Policy Editor allows you to set up automatic deletion of Protection History after a specified period. Follow these steps:
- Open Group Policy Editor:
  - Press `Win + R` to open the Run dialog.
  - Type `gpedit.msc` and hit Enter.
- Navigate to the Appropriate Policy:
  - Go to: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Scan.
- Enable the Policy:
  - Locate “Turn on removal of items from scan history folder” and double-click to open it.
  - Select Enable.
- Set the Retention Period:
  - In the options, specify the number of days (e.g., 1 for one day). By default, the retention period is set to 30 days.
  - Click OK to save your changes.
- Apply Changes:
  - Open Command Prompt and type `gpupdate /force`.

2. Adjust Protection History Retention Using PowerShell
For more control, use PowerShell to customize the retention period for Protection History.
- Open PowerShell:
  - Press `Win + X` and select Windows PowerShell (Admin).
- Check Current Retention Settings:
  - Enter the following command: `Get-MpPreference | Select-Object -Property ScanPurgeItemsAfterDelay`
  - This will display the current retention period in days.
- Set a New Retention Period:
  - To set a retention period, use the command: `Set-MpPreference -ScanPurgeItemsAfterDelay <number_of_days>`
  - Replace `<number_of_days>` with your preferred duration. For example, to clear logs daily: `Set-MpPreference -ScanPurgeItemsAfterDelay 1`
- Verification:
  - Run the `Get-MpPreference` command again to confirm the changes.
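As an added example that is not part of the original article, the script below combines the PowerShell steps above with a safeguard worth having before shortening retention: it exports the current detection records with Get-MpThreatDetection so a copy survives the purge, then sets and verifies ScanPurgeItemsAfterDelay. It assumes an elevated session with the built-in Defender module; the export path and the parameter names are my own choices.

```powershell
# Added example, not from the original article. Requires an elevated PowerShell
# session; uses only the built-in Defender cmdlets (Get-MpThreatDetection,
# Get-MpPreference, Set-MpPreference).
#Requires -RunAsAdministrator
param(
    # Retention in days; 1 matches the article's "clear logs daily" setting.
    [ValidateRange(1, 365)][uint32]$RetentionDays = 1,
    # Assumed export location; change to a path your team archives.
    [string]$ExportPath = "$env:USERPROFILE\Desktop\defender-detections-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
)

# 1. Preserve a copy of the detection history before the shorter retention purges it.
$detections = @(Get-MpThreatDetection)
if ($detections.Count -gt 0) {
    $detections |
        Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess, Resources |
        Export-Csv -Path $ExportPath -NoTypeInformation
    Write-Host "Exported $($detections.Count) detection record(s) to $ExportPath"
} else {
    Write-Host "No detection records to export."
}

# 2. Show the current retention, change it, and confirm the new value was accepted.
$before = (Get-MpPreference).ScanPurgeItemsAfterDelay
Set-MpPreference -ScanPurgeItemsAfterDelay $RetentionDays
$after = (Get-MpPreference).ScanPurgeItemsAfterDelay
Write-Host "ScanPurgeItemsAfterDelay: $before -> $after day(s)"

# If the value did not change, a Group Policy setting is usually enforcing it.
if ($after -ne $RetentionDays) {
    Write-Warning "Retention did not change; check whether Group Policy is managing this setting."
}
```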
3. Manually Clear Protection History (Not Recommended)
If needed, you can also manually delete Protection History files:
- Navigate to the File Location:
  - Open File Explorer and go to `C:\ProgramData\Microsoft\Windows Defender\Scans\History`.
- Delete Files:
  - Locate and delete the contents of the “Service” folder.
- Restart System:
  - Restart your computer to ensure changes take effect.
Troubleshooting Tips
- Access Denied Errors: Run File Explorer or Command Prompt as an administrator if you encounter permission issues.
- Policy Not Applying: Ensure you run `gpupdate /force` after changing Group Policy settings.
- PowerShell Issues: Verify you have administrative privileges when executing PowerShell commands.
Best Practices for Windows Security Maintenance
To maintain optimal security and performance, consider these additional tips:
- Regular Updates: Keep Windows Defender and your operating system updated.
- Scheduled Scans: Enable automatic scans to detect and remove threats promptly.
- Disk Cleanup: Use the built-in Disk Cleanup tool to remove temporary files and system clutter.
Conclusion
Windows Security Protection History is a vital tool, but managing it effectively ensures your system remains clean, efficient, and secure. By following the steps outlined above, you can automate the removal of old scan logs, customize retention periods using PowerShell, and manually clear logs when needed. Taking these measures will optimize your computer’s performance while maintaining robust security.