Windows Windows 11 How-To

How to View Windows Security Protection History in Windows 11

View Windows Security protection history on your Windows 11 device to review the detected threats and whitelist false positives.

View Windows Security protection history on your Windows 11 device to review the detected threats and whitelist false positives.

by Parth Sawhney

Being aware of your system’s security activities is essential for maintaining a safe computing environment in Windows 11. By accessing the protection history, you can review all the threats that Windows Security has detected and the actions taken against them. This is especially helpful if you need to address false positives or ensure that previous threats have been resolved. This guide will walk you through how to view your protection history using the Windows Security app and PowerShell.

View protection history using Windows Security app

Open the Start Menu and type Security in the search bar. Click on the ‘Windows Security’ app from the search results to launch it.
In the Windows Security window, select ‘Protection history’ from the left-hand menu to access the list of detected threats and actions taken.
If there are multiple entries, you can filter them by clicking on the ‘Filter’ option. This allows you to sort the history by ‘Recommendation’, ‘Quarantined items’, ‘Cleaned items’, ‘Blocked actions’, or by the ‘Severity’ of the threats.
To allow a blocked action that you believe is safe, click on the specific entry in the list. Then, click the ‘Action’ button and choose ‘Allow’ to permit the activity.

View protection history using PowerShell

Open the Start Menu and type Terminal in the search field. Right-click on ‘Windows Terminal’ from the results and select ‘Run as administrator’ to open it with administrative privileges.
If prompted by the User Account Control (UAC), click ‘Yes’ to grant permission. If you’re not signed in as an administrator, enter the administrator credentials when asked.
In the PowerShell tab of the Windows Terminal, type or paste the following command and press Enter to execute it. This command will display the history of all threats detected by Windows Security.
Get-MpThreat

Note: If the command doesn’t return any results, it may indicate that there is no protection history. This can occur if a third-party antivirus program is managing your system’s real-time protection.

To view only active and past malware detections, execute the following command in PowerShell:
Get-MpThreatDetection

By regularly checking your protection history, you can keep track of threats that have been handled by Windows Security and address any false positives that may require your attention.

Keep reading

More from Windows

All Windows guides →