Windows Defender Shows the Same Threat Repeatedly. How to Clear the Protection History

On some Windows 10 and 11 computers, Microsoft Defender Antivirus may repeatedly warn about the same threat, although you’ve taken the necessary action (remediated) on that threat.

windows defender same threat repeatedly

When you click “Start actions” after choosing “Remove”, nothing happens. Windows Defender would keep showing that non-existent threat.


This is caused by a bug in Windows Defender that causes it to read the earlier items recorded in the Windows Defender Protection History and repeatedly warn the user.

The Windows Security Protection History page (windowsdefender://fullhistory/) shows the list of threats detected on the computer and each threat has a corresponding “Actions” button.

The Protection History page also lists the items blocked by Controlled Folder Access, Attack Surface Reduction Rules, and the threats detected during the Windows Defender Offline scan.

defender protection history page

We’ll see how to clear the protection history in Windows Security on Windows 10 and 11.


To prevent Microsoft Defender Antivirus from warning you about remediated threats, reset the Protection history. Use one of the following methods:

Option 1: Delete the Defender protection history folder

Delete the Windows Defender Protection History information by following these steps:

  1. Start Windows in Safe mode. See How to Start Windows 10 or 11 in Safe Mode for more information.
  2. Right-click Start, and click Run.
  3. Copy the following folder path and paste it into the Run box, and click OK.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory

    It’s better to paste the above path in Explorer’s address bar or the Run dialog to access the folder directly rather than navigating to it manually, in case it’s a hidden folder. Alternatively, you can open the folder by pasting the path in Explorer address bar and pressing Enter.
    detectionhistory folder path in explorer address bar or Run

  4. Delete the entire contents of the DetectionHistory folder. Each subfolder contains details about a past threat.

    detectionhistory folder contents

    Note: If you can’t delete the “DetectionHistory” folder due to the “Access denied” error, ensure you’ve booted into Safe mode. You should be able to delete the folder via Safe mode.

  5. Restart Windows.

The repeat notifications for the previously detected and remediated threats won’t show up again.

Windows Defender’s Protection History page should now be empty.

windows defender same threat repeatedly - pup or trojan

Option 2: Configure Defender to Automatically Clear the History

To make Windows Defender automatically clear the Protection history on a daily basis, or after a certain number of days, use the following PowerShell command.

  1. Open PowerShell as administrator.
  2. Run the following command and press Enter:
    Set-MpPreference -ScanPurgeItemsAfterDelay 1

    In the above example, 1 is the number of days after which the protection log and items in the log folder will be cleared automatically.

    The ScanPurgeItemsAfterDelay setting specifies the number of days to keep items in the scan history folder. After this time, Windows Defender removes the items. If you specify a value of zero, Windows Defender does not remove items. If you do not specify a value, Windows Defender removes items from the scan history folder after the default length of time, which is 30 days.

    If Microsoft fixes the repeated detection issue later on, and you wish to revert the setting to the Windows Defender default setting, run:

    Set-MpPreference -ScanPurgeItemsAfterDelay 15

    To view the current ScanPurgeItemsAfterDelay setting, run the following command in PowerShell.

  3. Close PowerShell.

Option 3: Add the Protection History folder to exclusions

Another way to stop Windows Defender’s repeated alerts on the same threat is to add the Windows Defender’s protection history folder to the list of excluded folders.

  1. Open Windows Defender Security settings.
  2. Click Virus & Threat Protection.
  3. Click Manage settings.
  4. Scroll down to Exclusions.
  5. Select Add or remove exclusions
  6. Select Add an exclusion. Choose Folder.
  7. In the browse dialog box, enter the following folder:
    C:\ProgramData\Microsoft\Windows Defender\Scans\History
  8. Click Select Folder.

Windows Defender should no longer scan the protection history folder and thereby would stop the repeat alerts.

One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded in 2005.

6 thoughts on “Windows Defender Shows the Same Threat Repeatedly. How to Clear the Protection History”

  1. Thanks a lot, first I couldn`t find ProgramData, but then I allowed it in Control Panel, and all your steps works ! Later I hide again ProgramData but bug stays fixed. 🙂

  2. I have an allowed threat that Windows Defender has been reporting daily for a week…ugh. The main problem is Windows 11 won’t allow access to the Windows Defender Scans folder, neither within Windows nor even with an elevated (Administrator) command prompt, so I can’t delete the scan history. I am trying your ScanPurgeItemsAfterDelay and crossing my fingers. We’ll see….

    • @David: If you can’t delete the “DetectionHistory” folder due to the “Access denied” error, please try to delete the folder from Safe mode. See How to Start Windows 10 or 11 in Safe Mode.

  3. Ramesh’s easiest fix ScanPurgeItemsAfterDelay 1 worked like a charm and I subsequently did ScanPurgeItemsAfterDelay 15 to revert to Windows Defender default setting, as suggested. Booting into safe mode in order to delete the Detection History folder is another option but not necessary for me. Much appreciated to be rid of the annoying Defender allowed threat nag 🙂


Leave a Comment