Windows Defender threats

Not 100% certain, but I think that if it quarantines it, it won't get rescanned unless you've set some very strange config 
Though a lot of the things WinDef flags on my machine just get nuked, not merely quarantined. 

5950X/4090FE primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


17 minutes ago, OddOod said:

Not 100% certain, but I think that if it quarantines it, it won't get rescanned unless you've set some very strange config 
Though a lot of the things WinDef flags on my machine just get nuked, not merely quarantined. 

In my experience, if something is a known and verified threat, Defender nukes it.

If it falls into the nebulous PUP category you are given options concerning how to handle them.

26 minutes ago, Sharpman85 said:

I have a simple, maybe even stupid, question. If Defender finds a threat and displays it on the summary view after scanning and I rescan, will it also be displayed, or will only new ones show up while the old ones remain in protection history?

I don't think it shows things already quarantined.


I most likely got a false positive, as the same file on two different sources was identified once as Trojan:Win32/Wacatac.B!ml and the second time as Program:Win32/Wacapew.C!ml. That was an ancient file and it was found during a routine scan of an old hard drive, so nothing was run on this PC. I can reinstall for good measure just to be sure, but Defender reports the threats as removed and initially they were stopped.

Full and offline defender scans show nothing else.


19 hours ago, Sharpman85 said:

 That was an ancient file and it was found during a routine scan of an old hard drive, so nothing was run on this PC.

You're almost certainly safe. If you're really worried, you can use a Restore Point, but you're probably fine.
Dumb story time:
Ages ago a friend asked if I could pull some of his personal docs off an old work laptop SSD. I plugged the thing in and Windows basically locked up for 5 minutes from all the Defender notifications it was throwing. Given that Buddy worked for a *HIGH* power (and more than a little shady) law firm, I pulled a report and sent it off to him to share with their IT security. They were very interested. When they got back to me (2 months later) they tracked it down to one of the times Buddy had to check his carry on into China and thanked me for explaining a breach attempt they had. Fun times. All I ended up doing was running a full scan, restoring to the restore point I manually created right before installing the drive, and scanning again. That tower has been humming along just fine ever since. 
Oh, and of course I grabbed the pics and docs Buddy needed. 


On 7/29/2025 at 3:29 PM, OddOod said:

You're almost certainly safe. If you're really worried, you can use a Restore Point, but you're probably fine.
Dumb story time:
Ages ago a friend asked if I could pull some of his personal docs off an old work laptop SSD. I plugged the thing in and Windows basically locked up for 5 minutes from all the Defender notifications it was throwing. Given that Buddy worked for a *HIGH* power (and more than a little shady) law firm, I pulled a report and sent it off to him to share with their IT security. They were very interested. When they got back to me (2 months later) they tracked it down to one of the times Buddy had to check his carry on into China and thanked me for explaining a breach attempt they had. Fun times. All I ended up doing was running a full scan, restoring to the restore point I manually created right before installing the drive, and scanning again. That tower has been humming along just fine ever since. 
Oh, and of course I grabbed the pics and docs Buddy needed. 

Thank you for the explanation.
