Windows Antivirus keeps a record of the threats it has blocked. To get rid of the yellow exclamation mark, you need to clear Windows Defender history and here we will see how to do it.
You can see blocked items or detected threats in the Windows Defender protection history . Items will continue to appear there even if they have been marked for deletion or quarantine. This has a side effect, as the Windows Defender icon in the system tray will display a yellow exclamation point.
Clear Windows Defender history
Windows Defender keeps the items it has detected in its history for thirty days, which can be shortened or extended. If items that are older than thirty days are displayed, you can change how long they are kept or you can simply delete the entire history. We will detail both methods and it is up to you to choose what suits you best.
1. Change history duration
To set or change how long an item is kept in the protection history, follow these steps:
Open PowerShell with administrator rights.
Run the following command, replacing the number at the end with the number of days an item should remain in your protection history.
Set-MpPreference -ScanPurgeItemsAfterDelay 3
In this example we have set a duration of 3 days to preserve the items in the history. After the time expires, items that are older than the number you set will be removed from the protection history.
Then when the history is completely clean, the yellow exclamation mark will be removed from the Windows Defender icon.
2. Clear Windows Defender history manually
If you don’t want to wait several days for your Protection History to clear, you can delete everything manually. You need administrator rights to do it, and you must follow these steps:
Open File Explorer, and go to the following folder.
C: \ ProgramData \ Microsoft \ Windows Defender \ Scans \ History
Here you will find and you must delete the folder called ” Service “.
After deleting the folder, open Windows Defender and the protection history will be cleared.
The Service folder will be re-created automatically when Windows Defender detects a new threat. The system tray icon will no longer have a yellow exclamation mark.
Remember that the protection history also shows active threats. Windows Defender automatically removes highly malicious files or applications, which is not always the case with low-level threats.
For this reason, before deleting your protection history, make sure to fix all active threats. If you don’t remove, allow, or quarantine a threat, it will reappear in Windows Defender.