Advice Request Protection History crashes

notabot

Thread author
Oct 31, 2018
After something odd happening last week (either an infection or Windows getting messed up), protection history for WD tab just crashes after 1-2 secs.

Has anyone had something similar? Where does WD keep the protection history logs so that they can be reviewed independently of WD's UI?
 
Yep, WD UI very useless.

Start CMD with admin and;

del "%systemdrive%\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*"

If still same, start CMD from troubleshoot and;

del "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
 
Thanks! Also, how do I view the history? I'm worried it may be an infection (*), so I wouldn't mind looking at the history before deleting it.

(*) I had some other weird things after connecting to a hotel wifi: this, gfx drivers got messed up, an odd message from 1PW etc. No scanner returns any infection, but WD's log would help me rule out anything nasty going on.
 
You can restore some folders (look at the modified date). But if you already deleted all folders, you should run a full scan. Bonus: you can also use NPE, Malwarebytes and Hitman.

I haven't deleted anything yet, but I don't see an obvious way to see protection history in a readable format from there.

I've done 2nd opinion scans with Emsisoft Emergency Kit, ESET Web and Kaspersky (also Kaspersky rootkit scanner) -- nothing came up.
 
I use ConfigureDefender and there's an option called Defender Security Log to view the protection logs in a notepad file.

Thanks for this - I only see events since yesterday (a lot of events were generated because I reinstalled drivers), while the possible incident happened on Saturday. I wonder, is this trimming of the logs natural, or could it be that something deleted the logs? @Andy Ful if you are aware, let me know!
 
Defender Security Log in ConfigureDefender shows the last 200 entries. If you want more entries then you can use the H_C or create the custom view in the Windows Event Viewer (the useful event IDs are enumerated in the ConfigureDefender Help).
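
For reviewing the Defender history outside the Windows Security UI, as asked at the top of the thread, the following is an added example and not code from the thread or from ConfigureDefender. It reads the Defender operational event log directly, shows how far back that log reaches, and checks whether it was cleared. The event IDs are a selection from Microsoft's documented Defender events (not ConfigureDefender's list), and the CSV output path is an assumption.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$log = 'Microsoft-Windows-Windows Defender/Operational'

# 1. How far back does the log reach? A circular log that is near its size
#    limit drops the oldest records by itself.
$info   = Get-WinEvent -ListLog $log
$oldest = Get-WinEvent -LogName $log -Oldest -MaxEvents 1
[pscustomobject]@{
    Records     = $info.RecordCount
    UsedMB      = [math]::Round($info.FileSize / 1MB, 1)
    MaxMB       = [math]::Round($info.MaximumSizeInBytes / 1MB, 1)
    LogMode     = $info.LogMode
    OldestEvent = $oldest.TimeCreated
} | Format-List

# 2. Detections, remediation, blocked actions and protection changes.
#    1006/1116 = detection, 1007/1117 = action taken, 1013 = history deleted,
#    1015 = suspicious behaviour, 1121 = ASR block, 1123 = CFA block,
#    5001 = real-time protection disabled, 5007 = configuration changed.
$ids    = 1006, 1007, 1013, 1015, 1116, 1117, 1121, 1123, 5001, 5007
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $ids } -ErrorAction SilentlyContinue
$events |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Export-Csv -Path "$env:USERPROFILE\defender-events.csv" -NoTypeInformation  # assumed path

# 3. Was the Defender log cleared by hand? Clearing an event log writes
#    event 104 to the System log.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Windows Defender*' } |
    Select-Object TimeCreated, Message

# 4. Detections as Defender itself records them, independent of the event log.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess, Resources

# 5. Retention (in days) configured for items in Defender's scan history.
(Get-MpPreference).ScanPurgeItemsAfterDelay
```

If step 1 shows the log close to its maximum size and step 3 returns nothing, the short window of visible events is consistent with normal rollover rather than a cleared log.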
 
Thanks Andy, I'm really surprised then how it manages to crash with just 200 entries to parse. MS has plenty of engineers that know how to parse a file properly; this protection history crash is one that should really not have come out with a release from a company such as Microsoft.
 
The 200 entries limit is hardcoded by me in ConfigureDefender. I do not know how many entries can be visible via WD History feature in Windows Security Center.
But, you are probably right that the crash of WD History feature can be caused by too many entries.
 
WSC crashes when checking protection history in SUA but works fine in AA. I used Powershell to have it delete after 7 days. I have many, many CFA events so this may be the reason. And clearing Protection History does not seem to affect these. I tried all the suggestions listed here and from searches but nothing works. Still crashing. I think only a clean install will fix this.
 
That worked for me:
https://malwaretips.com/threads/configuredefender-utility-for-windows-10.79039/post-837954
 
I never got the time to try any of the suggestions here.
Just wanted to say, protection history started working today, on its own, without me doing anything. Gotta love Windows.
Probably something got trimmed on its own and it can load the history again.
 

Protection history clears itself by default at 90-day intervals, if my memory is correct, but the interval may be changed via PowerShell if you like. Or maybe the crash issue was solved with a Windows update?
 
It says: The process cannot access the file because it is being used by another process.
What should I do?
 
The solution was already included in my previous post: