Windows Defender erroneously scans its PUP scan records

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Windows Defender keeps flagging the same blocked PUP as a threat many times over.
  • Excluding protection history from Windows Defender's scans solves the problem. 
  • To discover more solutions to common and advanced PC security threats, check out this Windows 10 security section.
  • You can catch up with the latest cybersecurity news and updates by visit the Update & Security page regularly!
Windows Defender PUP false alarms

Windows Defender is one of the W10 V2004 components that received important upgrades. But it turns out that the security feature scans its own PUP History by default, which may lead to false alarm situations with every scan.

The May 2020 Update came with multiple security features, including Windows Hello in safe mode. Windows Defender itself got enhancements in areas such as firmware protection to prevent bad actors from compromising devices.

Notably, Microsoft updated Windows Defender with the ability to sniff out potentially unwanted programs (PUPs).

Windows Defender flags the same PUP multiple times

When a PC scan identifies and neutralizes a PUP threat, you don’t expect to encounter the same PUP in future scans.

But, according to Microsoft, its Windows security tool keeps highlighting the same blocked PUP as a threat many times over. As you’d expect, other scanners don’t detect the same threat on a PC after it’s been removed.

Microsoft recently revealed the source of the problem: Windows Defender looks into its own protection history, which is where it keeps information about all detected and blocked threats. That’s how it keeps finding PUPs it has already resolved in previous scans.

It appears that the default remediation that Windows Defender applies to PUPs is to Block them, then leave them in Protection History. Windows Defender is defaulted to scan its own “Scans/History,” resulting in the discovery of the PUP over and over again.  Even though, other scanners see no evidence of the PUP on the PC.

It seems that Microsoft isn’t ready to start quarantining the PUPs. Until then, you can configure Windows Defender not to search for PUPs in Protection History. That setting will stop the multiple false alarms.

Microsoft Edge was also updated with the ability to block potentially unwanted apps (PUA).

Is the Windows security tool flagging the same PUP multiple times on your PC even after neutralizing the threat? You can let us know via the comments section below.


More about the topics: Cybersecurity