View Windows Security protection history on your Windows 11 device to review the detected threats and whitelist false positives.
Windows Security is one of the best protection for your Windows 11 device out there. It protects your device from all kinds of threats regularly. Mostly, it does its job in the background by quietly scanning your PC and it only notifies you when it finds a threat.
The protection history is a part of the Windows Security app that keeps reports of all the threats and malicious activities detected by the program. The feature comes in exceptionally handy if you ever wish to review the complete threat activity. You can also use it to allow a specific activity to run if it was a false positive. There are a couple of ways you can view it in Windows 11.
Use Windows Security App to View Protection History
Viewing the protection history is simple and doesn’t require you to hop through a charade of menus.
First, head to the Start Menu and type Security to perform a search for it. Then, click on the ‘Windows Security’ tile from the search results to proceed.
Next, click the ‘Protection History’ tab on the left of the Windows Security window to continue.
If the list includes a number of options, you can also filter them using the ‘Filter’ tab. You can filter the options by ‘Recommendation’, ‘Quarantined Items’, ‘Cleaned Items’, ‘Blocked Actions’, or ‘Severity’ of the threat.
In case you wish to allow a blocked activity, click on the tile and then click on the ‘Action’ button. Then, hit on the ‘Allow’ button.
View Protection History Using PowerShell
If you prefer the PowerShell over the GUI to control and manage your PC, Windows has got your back here as well.
First, head to the Start Menu and type Terminal to perform a search for it. Next, right-click on the ‘Windows Terminal’ tile and select the ‘Run as administrator’ option to proceed.
Then, if you are not logged in with an admin account, provide the credentials for one. Otherwise, click on the ‘Yes’ button on UAC (User Account Control) window to continue.
Now, on the PowerShell tab, type or copy+paste the below-mentioned code and hit Enter on your keyboard to execute it. This will display the history of all threats.
Note: If the command returns no list/value, it simply means there is no protection history. This could be due to a third-party antivirus installed on your system that manages your device’s real-time protection.
Moreover, if you wish to see only active and past malware detections, type or copy+paste the following code mentioned below.
There you go, folks. You can easily monitor past threats to see if they have been removed or not. You can also view any false positives detected by Windows Security by viewing the protection history.