Windows Defender Shows the Same Threat Repeatedly in Windows 10

After installing Windows 10 version 2004, some users are facing a problem where Windows Defender repeatedly warns about the same threat. This may happen even though you’ve taken the necessary action (remediated) on the last threat.

When you click “Start actions” after choosing “Remove”, nothing would happen. Windows Defender would keep showing that non-existent threat.

This is caused by a bug in Windows Defender that causes it to read the earlier items recorded in the Windows Defender Protection History and warn the user repeatedly.

Fix: Windows Defender Shows the Same Threat Repeatedly

To prevent the repeated PUP/PUA or Trojan warnings issued by Windows Defender Security in Windows 10 v2004, use one of the following methods:

Delete the Windows Defender protection history folder

Delete the Windows Defender Protection History information by following these steps:

1. Open File Explorer, and navigate to the following folder:

   C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service

   It’s better to paste the above path in Explorer’s address bar or the Run dialog to access the folder directly rather than navigating to it manually, just in case it’s a hidden folder.

2. In the Service folder, delete the subfolder named DetectionHistory.
3. Restart Windows and do a full system scan using Windows Defender.

The repeat notifications for the previously detected (and remediated) threats won’t show up again. Note that if a new PUP or trojan is loaded on your system and detected by Windows Defender, you’ll have to redo the above steps again.

Windows Defender’s Protection History page should be empty now:

Clear Protection History automatically

To make Windows Defender automatically clear the Protection history on a daily basis, or after a certain number of days, you can use the following PowerShell command.

1. Open PowerShell as administrator.
2. Run the following command and press Enter:

   Set-MpPreference -ScanPurgeItemsAfterDelay 1

   In the above example, 1 is the number of days after which the protection log and items in the log folder will be cleared automatically.

   The ScanPurgeItemsAfterDelay setting specifies the number of days to keep items in the scan history folder. After this time, Windows Defender removes the items. If you specify a value of zero, Windows Defender does not remove items. If you do not specify a value, Windows Defender removes items from the scan history folder after the default length of time, which is 30 days.

   If Microsoft fixes the repeated detection issue later on, and you wish to revert the setting to the Windows Defender default setting, run:

   Set-MpPreference -ScanPurgeItemsAfterDelay 15

   To view the current ScanPurgeItemsAfterDelay setting, run these two commands in a PowerShell window.

   $Preferences = Get-MpPreference
   $Preferences.ScanPurgeItemsAfterDelay

3. Close PowerShell.

Add the Protection History folder to exclusions

Another way to stop Windows Defender’s repeated alerts on the same threat is to add the Windows Defender’s protection history folder to the list of excluded folders.

1. Open Windows Defender Security settings.
2. Click Virus & Threat Protection.
3. Click Manage settings.
4. Scroll down to Exclusions.
5. Select Add or remove exclusions
6. Select Add an exclusion. Choose Folder.
7. In the browse dialog box, enter the following folder:

   C:\ProgramData\Microsoft\Windows Defender\Scans\History

8. Click Select Folder.

Windows Defender should no longer scan the protection history folder and thereby would stop the repeat alerts. The above methods are simply workarounds (not fixes) that you can use until Microsoft addresses this issue.

Editor’s note: Don’t forget to reverse your settings after Microsoft fixes this bug in a future update.