Display all threats that Windows Defender detected with WinDefLogView
WinDefLogView is a new portable application by Nirsoft. The program displays information about recent threats that the default Windows security solution detected.
While it is possible to check detected threats elsewhere, doing so requires quite a few clicks in the Windows Security app. The way results are displayed is also not ideal for getting a quick overview of recent threats.
WinDefLogView is a typical Nirsoft application: small in size and portable. Just download the archive from the Nirsoft website, extract it on the system, and run the executable file to launch the app. The program officially supports only Microsoft's Windows 10 and 11 operating systems, but it can be run on older versions of Windows, e.g., Windows 7, to display information from remote systems running Windows 10 or 11.
The interface displays all detected threats in a table. Each line lists the filename, detection name, threat name, severity, category, action, origin, process name and more. A click on a column header sorts the listing by that column, e.g., by date or severity.
The shortcut Ctrl-F or the selection of Edit > Find displays a search option that filters the listing based on the input; this is useful if lots of threats are displayed. The selection of File > Choose data source enables you to retrieve the data from remote computer systems or from external folders.
The right-click menu displays several options. The most interesting opens the threat URL on Microsoft's website, which offers additional information on the detected threat.
WinDefLogView is a threat viewer only, which means that it does not offer any options to react to the threats it displays. Some or all lines can be exported to a file in several formats, including CSV, JSON and XML. Items can also be copied directly using Ctrl-C and then pasted into spreadsheet applications such as Excel.
Description on Nirsoft's website:
WinDefLogView is a tool for Windows 10 and Windows 11 that reads the event log of Windows Defender (Microsoft-Windows-Windows Defender/Operational) and displays a log of threats detected by Windows Defender on your system. For every log line, the following information is displayed: Filename, Detect Time, Threat Name, Severity, Category, Detection User, Action, Origin, and more...
You can view the detected threats log on your local computer, on remote computers on your network, and on an external disk plugged into your computer.
WinDefLogView is a useful application, as it provides a quick view of all detected Windows Defender threats. While it does not support threat actions, it may point users in the right direction immediately without having to use the cumbersome Windows Security application.
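As an added illustration (not code from Nirsoft or from the article), the PowerShell below reads the same Defender operational log and the same detection fields the tool displays, with the local, remote and offline .evtx data sources the article mentions. The event IDs 1116/1117 and the EventData field names are assumptions from the log's known schema, not something the page states.

```powershell
# Added example, not Nirsoft's code: list Windows Defender detections from the
# "Microsoft-Windows-Windows Defender/Operational" log. Event IDs 1116 (threat
# detected) and 1117 (action taken) are assumed to carry the threat details as
# named EventData fields (assumption: field names as in the event XML).
param(
    [string]$ComputerName,   # optional: remote system, like File > Choose data source
    [string]$EvtxPath,       # optional: offline .evtx file, e.g. copied from an external disk
    [string]$CsvOut          # optional: also write the table to a CSV file
)

$filter  = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116, 1117 }
$getArgs = @{ ErrorAction = 'SilentlyContinue' }   # no error when the log has no detections
if ($EvtxPath) {
    # Offline log: FilterHashtable takes a Path key instead of LogName
    $filter.Remove('LogName')
    $filter['Path'] = $EvtxPath
} elseif ($ComputerName) {
    $getArgs['ComputerName'] = $ComputerName
}

$rows = Get-WinEvent -FilterHashtable $filter @getArgs | ForEach-Object {
    # EventData entries are named (e.g. "Threat Name"); read them from the event XML
    $xml = [xml]$_.ToXml()
    $d = @{}
    foreach ($e in $xml.Event.EventData.Data) { $d[$e.Name] = $e.'#text' }
    [pscustomobject]@{
        DetectTime    = $_.TimeCreated
        EventId       = $_.Id
        FileName      = $d['Path']
        ThreatName    = $d['Threat Name']
        Severity      = $d['Severity Name']
        Category      = $d['Category Name']
        DetectionUser = $d['Detection User']
        Action        = $d['Action Name']
        Origin        = $d['Origin Name']
        ProcessName   = $d['Process Name']
        ThreatUrl     = $d['FWLink']   # Microsoft's threat page, as opened by the right-click menu
    }
}

if ($CsvOut) { $rows | Export-Csv -Path $CsvOut -NoTypeInformation }
# Newest detection first, sorted the same way a click on the date column would
$rows | Sort-Object DetectTime -Descending | Format-Table -AutoSize
```

Reading the operational log requires administrative rights locally, and remote reads need the Remote Event Log Management firewall rule enabled on the target.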
Now You: do you use Windows Defender?
I do but I don’t like it telling whoever it sends my data to everything it comes across.
Many legitimate programs are flagged as threats just because M$ doesn’t want you using them. Most everything from Nirsoft since you mentioned it.
So I offer the following tip
“How to clear protection history.”
Delete the folder ‘C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service’.
After deleting the folder Service, turn off Cloud Protection then turn off real-time protection.
Now turn back on Real-Time protection and then Cloud protection.
@Tachy Then use a Firewall if you don’t want your information to be sent to Microsoft…. You can even use a 3rd party firewall that will not whitelist stuff automatically like when a store app gets updated.
Also, if you are using defender, then… whitelist the obvious places where NirSoft software will be flagged.
Antivirus or malware have done the same for years and years, they get people’s information and then whitelist or blacklist a file… it’s not a crime, but if you don’t want that behavior then turn everything off in Defender settings and never unblock it from the firewall, because it is not necessary for it to work.
The Defender whitelist doesn’t work. You can add directories or files to it, but it will still scan them and delete your files.
It will be more useful if Windows Defender has an option to delete the whole history! :[
Useful tool for those who keep Defender. Windows Defender is the first thing I strip out of Windows. I don’t need Microsoft looking at my files and telling me what I can’t run on my own device.
“doing so requires quite a few clicks in the Windows Security app”
Defender is not only a pain to configure, but it is too intrusive and a watchdog for anything Microsoft doesn’t feel you should be doing. It’ll undo entries in your hosts file & it’ll undo firewall changes it doesn’t like. The list can go on. One of the main reasons I still use a 3rd party AV (eset) is that I get back some level of control.
Kinda useless since windows defender never finds anything other than my modified hosts file and the only warnings one ever sees from defender is to turn on things you turned off. So I fixed it, I have completely disabled Windows Defender on my computers. It protects nothing but itself. It slows down computers and it has to die. I use NO antivirus on Windows, have done so these last 10 years. Common sense is my AV, updated browser with adblocking, custom hosts file and the best protection there is: Do NOT let your son use your computer EVER. Sons install cracked games on ANY computer they get their hands on “just to make sure that it REALLY CAN’T run that game” oh there’s always that pimplefaced friend who KNOWS how to install that and that and that program FOR FREE.. meaning there’s a million viruses on your computer in no time, but hey at least you got Microsoft Office and Photoshop now! FREEEEEEEEE! Kids are Hell. Kids are Satan.
Hahahaha. Kids are Satan! Hahaha.
I completely agree.
Everything for them is for fun.
Nothing is dangerous;
Until they get thrown through the gates of hell!
@Lord God Almighty King
Wait until they enter the hell of hells of puberty. Were these my kids? And then listen to a poem of Charles Bukowski.
Uh, yeah, no. You just need to download your cracked games from a reputable torrent site. Rarbg is legit, and only reputable release groups upload there. I’m in my 30s, employed as a CISO, and at home run M365 Defender E5 w/ Endpoint P2. I like to game and always download a cracked version to try out for a day or two before buying it on Steam/Epic/etc. I have my Defender policy set to not evaluate for PUAs, and it never throws a hit on games from RAR, even games created by MS themselves. However, on the occasions where I got the game from a big mainstream site like TPB, and I mounted the ISO for install, Defender detected malware and blocked it about a second after the new drive appeared. Yes, obviously it’s one of the best Enterprise Tier protection suites on the market and isn’t free, but it keeps all my devices free from State Actor Grade attacks.
If you have a position, or even have 1-2 degrees of separation to someone who has access to data desirable to foreign adversaries or criminals, and you think common sense can protect you then you’re just a useful idiot and an inspection of your devices would find spyware in spades. Its entire purpose is to not be noticed and ensure you think nothing is wrong. Semi-ironically, many samples of Russian malware will rapidly defuse crude viruses or adware if it detects a variant that is known to alert the victim to its presence, thereby increasing the chances of an unprotected system becoming a protected one, like after a ransomware attack for example.
Especially NOW, of all times, where the number of cyber attacks on the West has spiked several fold, PLEASE don’t tell people that common sense keeps them safe. That is literally the very definition of social engineering’s tactics: How can we get these people to exercise ‘common sense’ therein leading them right into their system getting compromised? Geez.
I mean, if your country’s President announced a new policy in the fight against cyber attacks — and it was, “We’re going to do nothing, we’ll just fight fire with common sense, whether it’s your house ablaze or the whole city burning down, common sense will win this fight and protect us all.” Do you actually think that would turn out well? Eh, I dunno… but probably… um, not?
Here’s a free, dumb but simple and effective, trick against Russian malware: Install the Russian language pack on your computer. It really is that dumb, the malware will scan your computer to make sure it’s not Russian but it sees your language file and leaves you alone. Russian do not like it when their bombs explode in their own home.
Wow. I don’t download anything, I don’t install illegal things, I only use the same websites for my surfing needs with an up to date browser and an updated OS... And you lose your s**t. Completely. I get lectured about government spies, President announcements and my city burning down because I don’t use military grade operating system protection. =) You were typing all that from the safety of your bunker in the desert, wearing tactical underwear and munchin’ on your daily ration of tomato soup, weren’t you? Hysterically paranoid, SCARED people are not only funny but ultimately very very sad people. Get some help man. Do it before the feds find you. Or the aliens.