ConfigureDefender utility for Windows 10/11
<blockquote data-quote="Andy Ful" data-source="post: 953721" data-attributes="member: 32260"><p> <ol> <li data-xf-list-type="ol">Deleting the folder:<br /> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\"<br /> removes the detection events from Defender's History. But blocked events like those related to ASR rules are not removed. The ConfigureDefender Log does not change at all.</li> <li data-xf-list-type="ol">Emptying the Event Log:</li> </ol><p></p><p>[ATTACH=full]260028[/ATTACH]</p><p></p><p>...<strong> <span style="color: rgb(0, 168, 133)">removes all entries from ConfigureDefender's Log</span></strong> but does not remove any entries from Defender's History.</p><p></p><p>********************************************</p><p></p><p><strong>There is a way to clear the Defender History</strong>. One has to temporarily stop the Defender service and:</p><ol> <li data-xf-list-type="ol">Delete the file: "c:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"<br /> This will remove the ASR entries from Defender's History.</li> <li data-xf-list-type="ol">Delete the folder:<br /> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\"<br /> This will remove other entries from Defender's History.</li> </ol><p>Stopping the Defender service requires Trusted Installer privileges, so one has to use Defender Control (Sordum.org) or <s>AdvancedRun (Nirsoft.net)</s>.</p><p>One can also remove these files using the recovery CMD shell.</p><p></p><p>Edit1.</p><p>I noticed that it is not necessary to delete all files and subfolders in the folder:</p><p>"C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\"</p><p>Deleting the subfolder "DetectionHistory" is enough.</p><p></p><p>Edit2 (August 2022)</p><p>The Advanced Run method is currently blocked by Defender.</p></blockquote><p></p>