Advice Request Protection History crashes


notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
After something odd happened last week (either an infection or Windows getting messed up), the protection history tab for WD just crashes after 1-2 secs.

Has anyone had something similar? Where does WD keep the protection history logs so that they can be reviewed independently of WD's UI?
 

Lemon60

Level 2
Jun 11, 2019
71
Yep, the WD UI is very useless.

Start CMD as admin and:

del "%systemdrive%\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*"

If it's still the same, start CMD from troubleshoot and:

del "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,632

notabot

> Yep, the WD UI is very useless.
>
> Start CMD as admin and:
>
> del "%systemdrive%\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*"
>
> If it's still the same, start CMD from troubleshoot and:
>
> del "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"

Thanks! Also, how do I view the history? I'm worried it may be an infection (*), so I wouldn't mind looking at the history before deleting it.

(*) I had some other weird things after connecting to a hotel wifi: this, gfx drivers got messed up, an odd message from 1PW etc. No scanner returns any infection, but WD's log would help me rule out anything nasty going on.
 

notabot

> You can restore some folders (look at the modified date). But if you already deleted all folders, you should run a full scan. Bonus: you can also use NPE, Malwarebytes and Hitman.

I haven't deleted anything yet, but I don't see an obvious way to see protection history in a readable format from there.

I've done 2nd opinion scans with Emsisoft Emergency Kit, ESET Web and Kaspersky (also Kaspersky rootkit scanner) -- nothing came up.
 

notabot

> I use ConfigureDefender and there's an option called Defender Security Log to view the protection logs in a notepad file.

Thanks for this - I only see events since yesterday (a lot of events were generated because I reinstalled drivers), while the possible incident happened on Saturday. I wonder, is this trimming of the logs natural, or could it be that something deleted the logs? @Andy Ful, if you are aware, let me know!
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,106
> Thanks for this - I only see events since yesterday (a lot of events were generated because I reinstalled drivers), while the possible incident happened on Saturday. I wonder, is this trimming of the logs natural, or could it be that something deleted the logs? @Andy Ful, if you are aware, let me know!

Defender Security Log in ConfigureDefender shows the last 200 entries. If you want more entries, then you can use H_C or create a custom view in the Windows Event Viewer (the useful event IDs are enumerated in the ConfigureDefender Help).
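
Added example, not part of the thread and not ConfigureDefender or Hard_Configurator code: reading Defender's events straight from the Windows event log with PowerShell, which does not depend on the Windows Security UI and also shows whether the log still reaches back to the date of interest. The event IDs are taken from Microsoft's Defender Antivirus event documentation rather than from the ConfigureDefender Help list mentioned above; the 7-day window and the CSV path are placeholders.

```powershell
# Added example: review Defender events without the Windows Security UI.
# Run from an elevated PowerShell prompt if the log cannot be read otherwise.
$log = 'Microsoft-Windows-Windows Defender/Operational'

# Event IDs of interest (Microsoft's documented Defender Antivirus events).
$ids = @{
    1013 = 'Malware history deleted'
    1116 = 'Threat detected'
    1117 = 'Action taken on threat'
    1121 = 'Attack surface reduction rule blocked'
    1123 = 'Controlled Folder Access blocked'
    5001 = 'Real-time protection disabled'
    5007 = 'Defender configuration changed'
}

# Assumption: placeholder window; set $start/$end around the suspected incident.
$start = (Get-Date).AddDays(-7)
$end   = Get-Date

# 1. Does the log still cover the window, or has it wrapped or been cleared?
$info   = Get-WinEvent -ListLog $log
$oldest = Get-WinEvent -LogName $log -Oldest -MaxEvents 1
[pscustomobject]@{
    LogMode      = $info.LogMode                 # Circular = old records overwritten
    MaxSizeMB    = [math]::Round($info.MaximumSizeInBytes / 1MB, 1)
    RecordCount  = $info.RecordCount
    OldestRecord = $oldest.TimeCreated
    CoversWindow = ($oldest.TimeCreated -le $start)
} | Format-List

# 2. Pull the selected events inside the window, oldest first.
$filter = @{
    LogName   = $log
    Id        = [int[]]@($ids.Keys)
    StartTime = $start
    EndTime   = $end
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ n = 'Meaning'; e = { $ids[[int]$_.Id] } },
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } })

$events | Format-Table -AutoSize -Wrap

# 3. Keep a copy before clearing any history files (placeholder path).
$events | Export-Csv -Path "$env:TEMP\defender-events.csv" -NoTypeInformation
```

If `CoversWindow` is False, the oldest surviving record is newer than the window, so an empty result says nothing about that period; a 1013 entry in the output records a history deletion.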
 

notabot

> Defender Security Log in ConfigureDefender shows the last 200 entries. If you want more entries, then you can use H_C or create a custom view in the Windows Event Viewer (the useful event IDs are enumerated in the ConfigureDefender Help).

Thanks Andy. I'm really surprised, then, at how it manages to crash with just 200 entries to parse. MS has plenty of engineers who know how to parse a file properly; this protection history crash is one that really should not have come out in a release from a company such as Microsoft.
 

Andy Ful

> Thanks Andy. I'm really surprised, then, at how it manages to crash with just 200 entries to parse. MS has plenty of engineers who know how to parse a file properly; this protection history crash is one that really should not have come out in a release from a company such as Microsoft.

The 200-entry limit is hardcoded by me in ConfigureDefender. I do not know how many entries can be visible via the WD History feature in Windows Security Center.
But you are probably right that the crash of the WD History feature can be caused by too many entries.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,096
WSC crashes when checking protection history in SUA but works fine in AA. I used PowerShell to have it delete after 7 days. I have many, many CFA events, so this may be the reason. And clearing Protection History does not seem to affect these. I tried all the suggestions listed here and from searches, but nothing works. Still crashing. I think only a clean install will fix this.
 

Andy Ful

> WSC crashes when checking protection history in SUA but works fine in AA. I used PowerShell to have it delete after 7 days. I have many, many CFA events, so this may be the reason. And clearing Protection History does not seem to affect these. I tried all the suggestions listed here and from searches, but nothing works. Still crashing. I think only a clean install will fix this.

That worked for me:
https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-837954
 

notabot

I never got the time to try any of the suggestions here.
Just wanted to say, protection history started working today, on its own, without me doing anything. Gotta love Windows.
Probably something got trimmed on its own and it can load the history again.
 

oldschool

> I never got the time to try any of the suggestions here.
> Just wanted to say, protection history started working today, on its own, without me doing anything. Gotta love Windows.
> Probably something got trimmed on its own and it can load the history again.

Protection history clears itself by default at 90-day intervals, if my memory is correct, but the interval may be changed via PowerShell if you like. Or maybe the crash issue was solved with a Windows update?
 

notapotatoe

New Member
Feb 9, 2021
1
> Yep, the WD UI is very useless.
>
> Start CMD as admin and:
>
> del "%systemdrive%\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*"
>
> If it's still the same, start CMD from troubleshoot and:
>
> del "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"

It says: The process cannot access the file because it is being used by another process.
What should I do?
 

Andy Ful

> It says: The process cannot access the file because it is being used by another process.
> What should I do?

The solution was already included in my previous post:
 
