Windows Defender identifies the same threat repeatedly – how to fix?

by Jake Doe - -


Issue: Windows Defender identifies the same threat repeatedly – how to fix?

Hello. I have an ongoing issue with Microsoft Defender. It keeps displaying me a pop-up with a notification sound saying that a PUP has been found on the system. When I click details, it says that the item has been quarantined and removed. However, minutes later the same pop-up reappears. Can someone please tell me what is happening here?

Solved Answer

Windows Defender[1] is an in-built real-time antivirus program launched with Windows 10 OS. Previously known as Microsoft Security Essentials back in Windows 7, it has been offered as a separate download and has been facing difficulties in competing with the most popular AV brands. 

Windows Defender has been underrated by default and known as an inferior antivirus system by the community due to its poor past performance. A glimpse at the AV-Test back in 2013[2], it has been considered dead. However, Microsoft put much effort to resurrect the software and apparently did a great contribution since Windows Defender is currently ranking as one of the top services[3]

One of the stand-out features of the Windows Defender is the speed. Since it's an inbuilt software managed by Microsoft, it is usually optimized and updated automatically. Therefore, it is capable of running in the background of the system and perform scans without negatively affecting the system's performance. Besides, it won't ask uses to purchase full versions since it works on all licensed versions of Windows 10. 

Despite many pros that this security suite offers, the issue with ongoing Windows Defender false positives is discussed on various forums. People keep reporting Windows Defender popups reporting PUPs and other threats repeatedly even after their supposed removal. As one of the users on Reddit[4] claimed:

While Windows Defender managed to put up similar numbers to vendors like Bitdefender or Kaspersky, they have had consistently higher false positives and more importantly, the performance test showed that Windows Defender is also the most inefficient out of all of them. It uses more system resources to provide the same (sometimes less) protection. 

According to the reports, Windows Defender popup notification usually reports about PUP/Optional, PUP/trojan, BrowserModifier:Win32/SupTab!blnk[5], and similar threats. These may be real cyber threats negatively affecting the system, thus performing a full scan and eliminating the PUPs is recommended. 

Windows Defender i identifying the same threat repeatedly

However, what it Windows Defender identifies the same threat repeatedly and keeps popping up after their quarantine and removal? In this case, the detection may be a false positive, meaning that there's no malware on the machine. However, some legitimate files or software may lack a digital certificate or mismatch definitions. Nevertheless, it's advisable to rely on a third-party security tool and double-check whether any issues on the system detected. 

According to experts, Windows Defender turned to be extremely sensitive in terms of PUP detection upon the release of the Windows Defender Advanced Threat Protection (ATP) software. This package relies on machine-learning models, behavior-based detection algorithms, and heuristics to analyze suspicious files in a quick manner. While essentially that's a great scheme for protection, it often causes inconveniences due to false-positive detections and intrusive Windows Defender alerts[6] flagging the same threats again and again. 

The culprit of Windows Defender repeated reports on the same PUPs can be related to suspicious browser-based extensions. In other words, if you have had malware on the system, which has been eliminated some time ago, but the web browser's settings haven't been unchanged, Windows defender may be flagging suspicious browser-based behavior this way. 

Another possible reason why Windows Defender keeps displaying false positives may be related to the Windows Defender cache. The software is known for storing logs of the scan results, quarantined items, and removed threats. Consequently, when you perform a full system scan, the tool may be scanning itself and detect its logs as a potential threat. 

Therefore, if you are facing this issue, you can try to fix Windows Defender identifying the same PUP as a threat in several ways and we'll explain each of them separately. 

Fix Windows Defender Identifies the same PUP as a threat repeatedly 

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

This issue is rather intrusive as Windows Defender warning may pop up frequently, and sometimes the popup may be accompanied by a warning sound effect. Luckily, there are several methods that can help to bypass these false detections.

1. Delete Windows Defender history

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

The PUP you are notified about may be present in Windows Defender history only. If the details on the popup itself say that the item has been quarantined and removed, you should remove the entries in Windows Defender protection history. This may work since this AV tool is programmed so scan its own Scans/History, thus resulting in the discovery of the same PUPs over and over again. 

  • Press Windows key + R to open the Run dialog.
  • Copy and paste the below-given path to the Run dialog, and hit Enter

    C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History

  • Right-click on the Service folder in the location that has just opened and select Delete. 
  • Close File Explorer. 

Fix Windows Defender false possitives

  • Now press Windows key + I and open Windows Security. 
  • Select Virus & Threat Protection option on the left pane and open Manage settings option. 
  • Slide a toggle to Off and then return back to On. 

If this method did not work, then you can delete the history via the Event Viewer:

  • Press Windows key + R to open the Run dialog.
  • Type eventvwr and press Enter
  • Find the Applications and Services log on the left pane and expand it. 
  • Now find the Microsoft option and double-click on it. 
  • Click on Windows to open the list of its files and scroll down to find Windows Defender. 
  • Right-click on Windows Defender option and select Open. 

Repeated PUP detections by Windows Defender

  • Right-click on Operational and then select Open to view all logs. 
  • Under the Windows Defender folder (left pane), right-click on Operational. 
  • Select Clear Log option. 
  • Finally, click Clear or Save and Clear to approve the option. 

2. Prevent Windows Defender from scanning its Scans/History

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

To fix Windows Defender constantly detecting non-existing threats, stop its AV engine from scanning its own scan history. For this purpose, you should:

  • Press Windows key + I to open Settings. 
  • Open Virus & Threat Protection settings.
  • Click the Manage settings option and scroll down until you find Exclusions. 
  • Select Add or remove exclusions option.
  • Select Add an exclusion and select Folder. 

Fix Windows Defender alerts

  • Now navigate to the following location:

    C:>Program Data>Microsoft>Windows Defender>Scans>History.

  • Click on History and then Select Folder.

3.  Clear browser cache

Fix it now! Fix it now!
To repair damaged system, you have to purchase the licensed version of Reimage Reimage.

If, however, the Windows Defender false positive detection fix provided above did not help, we recommend you to address browser-based extensions or rather a browser cache. First of all, check if the browser that you are using has not potentially dangerous extensions listed. If you cannot find any suspicious extensions, add-ons, or another browser-based content, try to clear browser cache:

Clear Cache on Google Chrome:

  • Open the web browser.
  • Click on the three vertical dots at the top-right corner of the page. 
  • Open Settings and select Advanced. 
  • Then select Privacy and security.
  • Click Clear browsing data or History
  • Open History and select Clear browsing data or More tools. 

Clean browser cache

  • Finally, click Clear browsing data. 

If you are using another web browser, you can find an explicit guide on how to clear browsing data on a dedicated article submitted by our researchers.  

Repair your Errors automatically team is trying to do its best to help users find the best solutions for eliminating their errors. If you don't want to struggle with manual repair techniques, please use the automatic software. All recommended products have been tested and approved by our professionals. Tools that you can use to fix your error are listed bellow:

do it now!
Download Fix
do it now!
Download Fix
Compatible with Microsoft Windows Compatible with OS X
Still having problems?
If you failed to fix your error using Reimage, reach our support team for help. Please, let us know all details that you think we should know about your problem.
Reimage - a patented specialized Windows repair program. It will diagnose your damaged PC. It will scan all System Files, DLLs and Registry Keys that have been damaged by security threats.Reimage - a patented specialized Mac OS X repair program. It will diagnose your damaged computer. It will scan all System Files and Registry Keys that have been damaged by security threats.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Reimage malware removal tool.

Prevent websites, ISP, and other parties from tracking you

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.

Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.


Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.

About the author
Jake Doe
Jake Doe - Computer technology geek

Jake Doe is a News Editor at Ugetfix. Since he met Ugnius Kiguolis in 2003, they both launched several projects that spread awareness about cybercrimes, malware, and other computer-related problems.

Contact Jake Doe
About the company Esolutions


What you can add more about the problem: "Windows Defender identifies the same threat repeatedly – how to fix?"