Share this article

Improve this guide

Windows Defender erroneously scans its PUP scan records

2 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Windows Defender is one of theW10 V2004components that received important upgrades. But it turns out that the security feature scans its own PUP History by default, which may lead to false alarm situations with every scan.

The May 2020 Update came with multiple security features, includingWindows Helloin safe mode. Windows Defender itself got enhancements in areas such as firmware protection to prevent bad actors from compromising devices.

Notably, Microsoft updated Windows Defender with the ability to sniff out potentially unwanted programs (PUPs).

Windows Defender flags the same PUP multiple times

Windows Defender flags the same PUP multiple times

When a PC scan identifies and neutralizes a PUP threat, you don’t expect to encounter the same PUP in future scans.

But, according to Microsoft, its Windows security tool keeps highlighting the same blockedPUPas a threat many times over. As you’d expect, other scanners don’t detect the same threat on a PC after it’s been removed.

Microsoft recentlyrevealedthe source of the problem: Windows Defender looks into its own protection history, which is where it keeps information about all detected and blocked threats. That’s how it keeps finding PUPs it has already resolved in previous scans.

It appears that the default remediation that Windows Defender applies to PUPs is to Block them, then leave them in Protection History. Windows Defender is defaulted to scan its own “Scans/History,” resulting in the discovery of thePUPover and over again.  Even though, other scanners see no evidence of thePUPon the PC.

It seems that Microsoft isn’t ready to start quarantining the PUPs. Until then, you can configureWindowsDefender not to search for PUPs in Protection History. That setting will stop the multiple false alarms.

Microsoft Edge was also updated with the ability toblock potentially unwanted apps (PUA).

Is theWindowssecurity tool flagging the samePUPmultiple times on your PC even after neutralizing the threat? You can let us know via the comments section below.

[wl_navigator]

More about the topics:Cybersecurity

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, simplifying the tech universe for the mases.