First, an admission. I do occasionally use the CCleaner and the MiniTool Partition Wizard (MTPW) installers. Yes, I know they include “bundleware” elements that Defender flags as “potentially unwanted programs” (PUPs). In fact, until you clear the threat history and exclude that history from future scans, Defender keeps reporting them ad infinitum. Sigh. As I worked my way through a UGetFix.com article yesterday on my Lenovo X390 Yoga, I learned multiple methods to clear Defender threat history. In fact, when none of the article’s methods worked for me, a spin on one of them did the trick.
[Note] The lead-in graphic for this story shows a Defender warning for a “potentially unwanted application” (PUA) from another bundleware instance. That one comes from the Unlocker program (it’s always been a little dicey, which is why I provide a MajorGeeks download link). Use at your own risk.
Enumerating Multiple Methods to Clear Defender Threat History
The UGetFix.com article is entitled “Windows Defender identifies the same threat repeatedly — how to fix?” It works readers through three separate methods:
- Delete the Service folder within the following Windows folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History. This is where Defender keeps its logs and threat history info. There’s an alternate method based on Event Viewer described in the article as well to clear the history log.
- Prevent Defender from scanning the history file. This occurs in Manage Settings inside Virus & Threat Protection in Defender, under the Exclusions heading. By excluding the preceding folder specification, you stop Defender from repeating warnings based on its own history files.
- Clear Browser Caches: YMMV on this one, depending on the browsers you use. I’ll let you puzzle these efforts out for yourselves, from the help systems built into each browser.
As I said, none of the methods worked for me. What did work was a variation on Item number 1 above. I was unable to delete the Service folder. It came back as “locked by Windows Defender.” What I was able to do, however, was to navigate within the Service folder and edit the history.log file using Notepad++ to delete its contents. I also found a series of two-digit-numbered folders with various history files inside (named 01, 02 and so forth) that I was able to delete (and did so).
After that maneuver, the annoying multiple repetitions of PUP warnings for the CCleaner (version 5.77) and MTPW (version 12.03) installers disappeared. I used Everything to check my systems and make sure the offending files were no longer present, too. It’s only the installers that include bundleware. Once deleted and flushed, they no longer pose any threat.
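Before emptying the history, it helps to confirm that each repeated alert really is stale. The following read-only PowerShell sketch is an added example, not part of the UGetFix article or of the steps described above: it lists Defender's recorded detections and marks each flagged resource as still on disk, gone, or located inside Defender's own History folder. It assumes an elevated prompt and that `Resources` entries use the `file:_C:\...` form; `Get-DetectionStatus` is a hypothetical helper name.

```powershell
# Added example: read-only triage of Defender detections. Nothing is deleted or changed.
# Assumption: Resources entries look like "file:_C:\path\name.exe" or
# "containerfile:_C:\archive.zip", optionally followed by "->inner item".
$historyRoot = 'C:\ProgramData\Microsoft\Windows Defender\Scans\History'  # path from the article

function Get-DetectionStatus {   # hypothetical helper, not a Defender cmdlet
    param([string]$Resource, [string]$HistoryRoot)
    # Registry keys, URLs and other non-file resources cannot be checked with Test-Path
    if ($Resource -notmatch '^(file|containerfile):_') { return 'Other' }
    # Drop the "scheme:_" prefix and anything after "->" (an item inside a container)
    $path = (($Resource -replace '^[a-z]+:_', '') -split '->')[0]
    if ($path.StartsWith($HistoryRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        return 'DefenderHistory'   # the hit is inside Defender's own history folder
    }
    if (Test-Path -LiteralPath $path) { return 'StillPresent' }  # file is still on disk
    return 'Gone'                  # stale entry: the flagged file no longer exists
}

# Map threat IDs to names so the report is readable (keys as strings to avoid type mismatches)
$names = @{}
Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

# One report row per flagged resource
$report = Get-MpThreatDetection | ForEach-Object {
    $d = $_
    foreach ($r in $d.Resources) {
        [pscustomobject]@{
            Detected = $d.InitialDetectionTime
            Threat   = $names[[string]$d.ThreatID]
            Status   = Get-DetectionStatus -Resource $r -HistoryRoot $historyRoot
            Resource = $r
        }
    }
}
$report | Sort-Object Status, Detected | Format-Table -AutoSize -Wrap

# Constructed sample input (not a real detection) showing the helper on its own
Get-DetectionStatus -Resource 'file:_C:\Temp\example-setup.exe' -HistoryRoot $historyRoot
```

Rows marked `StillPresent` point at a file that should be dealt with first; only `Gone` and `DefenderHistory` rows are the kind of leftover alert that clearing the history addresses.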
Concluding Unscientific Rantlet
It’s weird that Defender triggers PUA/PUP warnings from the contents of its own history file. Even when the files that legitimately trigger an alert on a Windows 10 PC are no longer present, the same alerts still trigger — repeatedly! My plea to the Defender development team is that they automatically exclude the history file from scans by default so as to further insulate users from this small but vexing gotcha.