Windows Defender keeps a log of the threats it has blocked. You can view the blocked items or the detected threats under protection history. The items listed there will continue to appear even if they’ve been marked for removal or quarantine. This has an unfortunate side-effect in that the Windows Defender icon in the system tray will show a yellow exclamation mark.
In order to get rid of the yellow exclamation mark, you need to clean protection history.
Clean protection history in Windows Defender
Windows Defender keeps a history of items it has detected for thirty days however, this period can be reduced, or extended. If you’re history shows items that are more than thirty-days old, you can change how long it’s kept, or you can simply delete everything. We’re going to detail both methods and it’s up to you to pick what suits you best.
1. Change protection history purge delay
In order to change how long an item is kept in your protection history, follow these steps;
- Open PowerShell with admin rights.
- Run the following command. Replace the number at the end with the number of days an item should remain in your protection history.
Set-MpPreference -ScanPurgeItemsAfterDelay 3
- After the time expires, items that are older than the set number of days will be removed from Protection History. When it is all cleared, the yellow exclamation mark from the Windows Defender icon will be removed.
2. Manually delete Protection History
If you do not feel like waiting for the Protection History to be cleared after a few days, you can manually delete everything. You will need admin rights to do this.
- Open File Explorer.
- Navigate to the following folder.
C:\ProgramData\Microsoft\Windows Defender\Scans\History
- Here, you will find a folder called ‘Services’. Delete it.
- Open Windows Defender and the protection history will be cleared. The Windows Defender system tray icon will no longer have a yellow exclamation mark.
The Services folder will automatically be recreated when Windows Defender detects a new threat.
Conclusion
The protection history log does feature active threats. When it comes to exceptionally malicious apps/files, Windows Defender will delete them automatically. The same doesn’t always hold true for low-level threats. Before you delete protection history, make sure you’ve addressed every single threat that’s been detected. If you do not remove/allow/quarantine a threat, it will reappear in Windows Defender. If the exclamation mark on the Windows Defender system tray icon doesn’t go away when you purge your protection history, try restarting your system.