ClearDefenderHistory
Clear Windows Defender History Files
ClearDefenderHistory.cmd clears the Windows Defender “Protection history” by creating a RunOnce entry in HKLM that clears the Windows Defender log folder on next restart of the computer.
Note: Previous versions of this script were able to clear the history without a restart. A change to Windows Defender security in the Spring of 2024 broke the previous method. Until a better method is found, a restart is now required.
Purpose
Some people may want to run this script just to clean things up and not see old detections under Protection history. For others, it fixes an issue where Defender continues to throw a false positive even after new definitions have been installed that should eliminate the detection.
How to Download and Run
- Download the zip file using the link above.
- Extract ClearDefenderHistory.cmd.
- Right-click ClearDefenderHistory.cmd, select Properties, check Unblock, and click OK.
- Double-click ClearDefenderHistory.cmd to run it. You will get a UAC prompt, unless you are already running it from an elevated console.
- If you skipped step 3, then just click Run when you get the security warning.
Note: Some antivirus software may falsely detect the download as a virus. This can happen any time you download a new script and may require extra steps to whitelist the file.