This post shows students and new users steps to change how long Windows Security Protection history events are retained in Windows 11.
The Protection history page in the Windows Security app is where you can view actions that Microsoft Defender Antivirus has taken, including Potentially Unwanted Apps that have been removed or critical services that are turned off.
By default, Protection history only retains events for two weeks, after which they’ll disappear from this page.
You can change how long to keep or retain items in the scan history folder, after which Microsoft Defender removes expired events.
If you specify the value zero ( 0 ), events are never automatically removed by retaining indefinitely.
Below is how to change how long Protection history events are kept in the Windows Security app when using Windows 11
How to change Windows Security Protection history events removal in Windows 11
As mentioned, Protection history only retains events for two weeks, after which they’ll disappear from this page.
However, you can change how long to keep or retain Protection history events or choose not to remove them automatically.
Below is how to do that:
Using PowerShell, open as administrator, then run the commands below to view the current purge settings for Protection history in Windows Security.
Get-MpPreference | Select-Object -Property ScanPurgeItemsAfterDelay
By default, it’s set to 15.
To change how long Protection history events are retained, run the format of the command below:
Set-MpPreference -ScanPurgeItemsAfterDelay <days>
Replace <days> with the number of days to retain Protection history events.
- 15 days = Default.
- 0 days = Protection history events will not automatically be removed.
The screenshot below shows a command to retain the Protection history events for 100 days.
That should do it!
This post showed you how to change how long Windows Security Protection history events are retained in Windows 11.
Please use the comment form below if you find any errors above or have something to add.