Geek Rewind

Change Windows 11 Security Event Retention

This post shows students and new users steps to change how long Windows Security Protection history events are retained in Windows 11.

The Protection history page in the Windows Security app is where you can view actions that Microsoft Defender Antivirus has taken, including Potentially Unwanted Apps removed or critical services turned off.

By default, Protection history only retains events for two weeks, after which they’ll disappear from this page.

You can change how long it takes to keep or retain items in the scan history folder, after which Microsoft Defender removes expired events.

If you specify the value zero ( 0 ), events are never automatically removed by retaining indefinitely.

Below is how to change how long Protection history events are kept in the Windows Security app when using Windows 11

How to change Windows Security Protection history events removal in Windows 11

As mentioned, Protection history only retains events for two weeks, after which they’ll disappear from this page.

However, you can change how long to keep or retain Protection history events or choose not to remove them automatically.

Below is how to do that:

Using PowerShell, open as administrator, then run the commands below to view the current purge settings for Protection history in Windows Security.

Get-MpPreference | Select-Object -Property ScanPurgeItemsAfterDelay

By default, it’s set to 15.

Windows 11 Protection history overview screen

To change how long Protection history events are retained, run the format of the command below:

Set-MpPreference -ScanPurgeItemsAfterDelay <days>

Replace <days> with the number of days to retain Protection history events.

  • 15 days = Default.
  • 0 days = Protection history events will not automatically be removed.

The screenshot below shows a command to retain the Protection history events for 100 days.

Changing Windows Security Protection history event logs

That should do it!

Conclusion:

  • The Windows Security app in Windows 11 allows users to view actions taken by Microsoft Defender Antivirus, such as removing Potentially Unwanted Apps or turning off critical services, via the Protection history page.
  • By default, Protection history retains events for two weeks before disappearing from the page, but users can modify this setting.
  • Using PowerShell, users can change the duration for retaining Protection history events, even opting to never automatically remove them by specifying a value of 0.

Frequently Asked Questions

How can I change the retention period for Windows Security Protection history events?

You can change the retention period by using PowerShell. Open PowerShell as an administrator and run the command 'Set-MpPreference -ScanPurgeItemsAfterDelay ', replacing with the number of days you want to retain the events.

What is the default retention period for Protection history events in Windows 11?

By default, Protection history events in Windows 11 are retained for 15 days. After this period, the events will automatically disappear from the Protection history page.

Can I set the Protection history events to never be removed?

Yes, you can set the retention period to zero (0) days, which means that Protection history events will not be automatically removed and will be retained indefinitely.

What command do I use to check the current purge settings for Protection history?

To check the current purge settings, open PowerShell as an administrator and run the command 'Get-MpPreference | Select-Object -Property ScanPurgeItemsAfterDelay'. This will show you the current setting for how long events are retained.

What actions can I view in the Windows Security Protection history?

In the Windows Security Protection history, you can view actions taken by Microsoft Defender Antivirus, such as the removal of Potentially Unwanted Apps and the disabling of critical services. This helps you track the security measures taken on your device.

Categories:

Tags:

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *