Have you received a notification that Microsoft Defender has detected a threat? Do you suspect that a virus has infiltrated your system that may corrupt your data or compromise your security? Microsoft Defender sends this notification when it detects a malicious program trying to enter your computer. You are notified beforehand, so you can take action immediately.

In this article, we'll discuss why you received this notification, where the threat is, and how to get rid of it. In addition, we'll discuss how to manage a threat effectively on Windows.

How to Check the Details of Threats Detected by Microsoft Defender

To jump into details about the threat that Microsoft Defender detected, click on the notification pop-up at the bottom-right of the screen. If the pop-up has already disappeared, follow the below steps to check the threat details:

  1. Right-click the Windows Start button and select Settings.
  2. On the left sidebar, click Privacy & security.
  3. In the right pane, click Windows Security.
  4. Click on the Open Windows Security button.
    Clicking on the Open Windows Security Button in the Windows Security Tab of the Windows Settings App
  5. In the left sidebar, click the Home tab.
  6. In the right pane, click Protection history.
    Clicking on the Protection History Option in the Home Tab of the Windows Security App

In the Protection history section, you'll find a list of all threats detected by the Microsoft Defender. There, you will find in-depth information about the most recent or older threats detected.

How to Analyze the Threat Detected by Microsoft Defender

Threat Details in the Protection History Section of Windows Security App

For a more detailed threat analysis, click on the most recent threat listed at the top of the Protection history window. Verify the date and time to ensure it is the most recent threat detected by Microsoft Defender, whose notification you recently received. After you've confirmed that it's the same threat, the following tips will help you analyze it better:

  • In the top-right corner of the threat window, you can see the severity of the threat. You'll generally find three levels there; low, high, and severe. The more severe a threat is, the more effort you should put into removing it.
  • After that, check the threat Status, which may include any of the following:
    • Removed: If Microsoft Defender detects a threat and automatically removes it, its Status will be marked as Removed. For removed threats, you do not need to run any scans. However, do so to be safe.
    • Active: As the name suggests, active threats are not automatically removed from your device. Therefore, you must manually remove them.
    • Quarantined: The term "Quarantined" refers to threats that Microsoft Defender has isolated to prevent them from spreading further and infecting your system. It's almost as if the threat is contained on your hard drive, where it will not spread. Even though they are automatically removed, you should scan the device.
    • Blocked: If Microsoft Defender marks a threat as blocked, it means that the threat has not been allowed to execute. So, click on it and see if it's active or removed. You don't need to do anything if it's removed. Remove it manually if it's active.
  • After that, you can review the threat, its classification, and what the threat is known to do on the victim's computer. Click on the Learn more link to get more information about the threat. Below that, you can see the location of the affected file.
  • Finally, you will find an Action dropdown where you can handle the threat. Based on the type and status of the threat, you can remove, quarantine, or allow it.

Now that you have a clear understanding of analyzing the threat, let's explore how to remove it effectively.

How to Remove the Threat Detected by Microsoft Defender Antivirus

While you can remove the threat directly by clicking on Remove in the Actions dropdown menu of the threat window in the Protection history section, you should perform an offline scan with Microsoft Defender to clean your device professionally.

Additionally, you should run a scan using your third-party antivirus to ensure your device is free of virus remnants - think of it as getting a second opinion on your medical reports. Hopefully, your device will be free of threats once the scans are complete.

After that, ensure that no damage has been done to your system files by the virus while it was on your computer. To do that, run an SFC scan using the steps mentioned in our guide for repairing corrupt Windows files. After the scan is complete, perform any required actions, if necessary, to ensure that the corrupted files have been repaired.

How to Deal With False Positive Threats Detected by Microsoft Defender

Sometimes, safe-to-execute files and applications are assumed as threats by Microsoft Defender, and you get the same threat warning when downloading or installing them. This leads to the question: what can you do to ensure the file you're downloading isn't infected and isn't falsely deemed a threat? Also, what can you do to avoid receiving threat alerts from Microsoft Defender while downloading it?

A reliable online virus scanner can help you determine whether the alert is real or a false alarm. So, copy the URL from which you're downloading the file, paste it on VirusTotal's URL scanner, and press Enter.

Entering the URL of the File to be Downloaded in the URL Scanner on the Virus Total Website

If the scan shows no threats, the threat alert is false, and you may safely download the file; otherwise, do not do so.

If the false threat alert prevents you from downloading the file, open Windows Security, click on the threat window, and choose Allow from the Actions menu. Doing so will whitelist the file from Microsoft Defender's scan. Once that has been done, you will not be prompted with a false threat alert when downloading the file again.

Microsoft Defender Keeps Saying Threats Found? What to Do About It

In some cases, Microsoft Defender keeps sending false notifications of threats found despite you taking adequate action. Moreover, when you check Microsoft Defender's protection history, you'll find it completely blank. Is that the case for you as well? If so, it's certainly a false alarm caused by an issue with Microsoft Defender's protection history.

The only way to stop receiving these annoying notifications is to clear Microsoft Defender's protection history. Our guide on how to clear the Microsoft Defender protection history will show you how to do that. If you want to clear the protection history completely, we recommend applying all four methods mentioned in the linked article.

Defend Your System From Threats With Microsoft Defender

Viruses lurking on your device can compromise both your security and your data. Hence, you should make sure they are removed as soon as possible. Hopefully, our article will help you better understand how Microsoft Defender's threat alerts work and how to manage them effectively. Moreover, you will now be able to distinguish real threats from false ones.