Windows Defender erroneously scans its PUP scan records

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • Windows Defender keeps flagging the same blocked PUP as a threat many times over.
  • Excluding protection history from Windows Defender's scans solves the problem. 
  • To discover more solutions to common and advanced PC security threats, check out this Windows 10 security section.
  • You can catch up with the latest cybersecurity news and updates by visit the Update & Security page regularly!
Windows Defender PUP false alarms
To fix various PC problems, we recommend DriverFix:
This software will keep your drivers up and running, thus keeping you safe from common computer errors and hardware failure. Check all your drivers now in 3 easy steps:

  1. Download DriverFix (verified download file).
  2. Click Start Scan to find all problematic drivers.
  3. Click Update Drivers to get new versions and avoid system malfunctionings.
  • DriverFix has been downloaded by 0 readers this month.

Windows Defender is one of the W10 V2004 components that received important upgrades. But it turns out that the security feature scans its own PUP History by default, which may lead to false alarm situations with every scan.

The May 2020 Update came with multiple security features, including Windows Hello in safe mode. Windows Defender itself got enhancements in areas such as firmware protection to prevent bad actors from compromising devices.

Notably, Microsoft updated Windows Defender with the ability to sniff out potentially unwanted programs (PUPs).

Windows Defender flags the same PUP multiple times

When a PC scan identifies and neutralizes a PUP threat, you don’t expect to encounter the same PUP in future scans.

But, according to Microsoft, its Windows security tool keeps highlighting the same blocked PUP as a threat many times over. As you’d expect, other scanners don’t detect the same threat on a PC after it’s been removed.

Microsoft recently revealed the source of the problem: Windows Defender looks into its own protection history, which is where it keeps information about all detected and blocked threats. That’s how it keeps finding PUPs it has already resolved in previous scans.

It appears that the default remediation that Windows Defender applies to PUPs is to Block them, then leave them in Protection History. Windows Defender is defaulted to scan its own “Scans/History,” resulting in the discovery of the PUP over and over again.  Even though, other scanners see no evidence of the PUP on the PC.

It seems that Microsoft isn’t ready to start quarantining the PUPs. Until then, you can configure Windows Defender not to search for PUPs in Protection History. That setting will stop the multiple false alarms.

Microsoft Edge was also updated with the ability to block potentially unwanted apps (PUA).

Is the Windows security tool flagging the same PUP multiple times on your PC even after neutralizing the threat? You can let us know via the comments section below.

Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: