How to clear protection history in Windows 10
Windows Defender keeps a log of the threats it has blocked. You can view blocked items or detected threats in the protection history. Items listed there will continue to appear even if they have been marked for deletion or quarantine. This has an unfortunate side effect in that the Windows Defender icon in the system tray will display a yellow exclamation mark.
In order to get rid of the yellow exclamation mark, you need to clean up the protection history.
Clean up protection history in Windows Defender
Windows Defender keeps a history of detected items for thirty days, but this period can be reduced or extended. If your history shows items that are more than thirty days old, you can change the retention period or you can just delete everything. We’ll go into both methods in detail, and it’s up to you to decide which one works best for you.
1. Change the protection history purge time
To change how long an item is kept in your protection history, follow these steps:
- Open PowerShell with administrator rights.
- Run the next command. Replace number at end with the number of days that an item should remain in your protection history.
Set-MpPreference -ScanPurgeItemsAfterDelay 3
- After the deadline expires, items older than the set number of days will be deleted from the protection history. When everything is cleared, the yellow exclamation mark on the Windows Defender icon will be removed.
2. Manually delete protection history
If you don’t feel like waiting for the protection history to clear after a few days, you can manually delete everything. You will need administrator rights to do this.
- Open File Explorer.
- Navigate to the following folder.
- Here you will find a folder called ‘Services’. Delete it.
- Open Windows Defender and protection history will be erased. The Windows Defender system tray icon will no longer have a yellow exclamation mark.
The Services folder will be automatically recreated when Windows Defender detects a new threat.
The protection history log contains active threats. When it comes to exceptionally malicious apps / files, Windows Defender will automatically remove them. The same is not always the case with low level threats. Before deleting the protection history, make sure that you have addressed all the threats detected. If you don’t remove / allow / quarantine a threat, it will reappear in Windows Defender. If the exclamation mark on the Windows Defender system tray icon does not disappear when you purge your protection history, try restarting your system.