  • Ghacks report Defender bug

      • #2362905
        Susan Bradley
        Manager

        Susan Bradley Patch Lady

        3 users thanked author for this post.
      • #2362915
        TonyS
        AskWoody Plus

        I’m seeing 1500 files totaling 11Mb

        Engine Version: 1.1.18100.5

        Should I delete the files in the folder or await an engine update? (I’m not short of disk space)

        Win10 20H2 Pro, MBAM Premium, PaleMoon, OpenOffice, Sumatra PDF.
        • #2362916
          Susan Bradley
          Manager

          That’s nothing, I’d just leave it.  I don’t consider 11 MB huge.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
        • #2362946
          Alex5723
          AskWoody Plus

          There is an update out: 1.1.18100.6

          2 users thanked author for this post.
        • #2362952
          SteveTree
          AskWoody Lounger

          Susan is correct about the disk space consumed being small. If you read Martin Brinkmann’s article, linked by Susan, you will find your answer.

          Group A (but Telemetry disabled Tasks and Registry)
          Win 7 64 Pro desktop
          Win 10 64 Home portable

          • #2362954
            TonyS
            AskWoody Plus

            I did read the article. I was just reporting back and awaiting an engine update. As I said, I have no problem with disk space but others might not take the time to read ghacks and may need to know if they can delete 🙂

            Win10 20H2 Pro, MBAM Premium, PaleMoon, OpenOffice, Sumatra PDF.
            • #2363018
              dph853
              AskWoody Plus

              You do not need to wait. There is an engine update being distributed. Check for defender updates from within windows defender itself. You might have to click the check button twice before the larger engine update downloads.

      • #2362919
        CADesertRat
        AskWoody Plus

        I have Win Defender engine version 18100.5 on 20H2 and there are only 3 files present so I guess this bug only affects certain machines.


        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 21H1,(2 Desktops, 1 Laptop).

      • #2362926
        lmacri
        AskWoody Plus

        Hi Susan:

        I use MS Defender v4.18.2103.7 (with the suspected engine v1.1.18100.5) as my primary AV along with Malwarebytes Premium v4.3.0.98 as a secondary layer of protection (Settings | Security | Windows Security Center | Always Register Malwarebytes in the Windows Security Center | OFF) and don’t see this problem. Similar to TonyS’ report in post # 2362915, my C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder currently holds 3,179 files but only uses 2.6 MB of the allocated 12.4 MB of disk space, and all those files were created yesterday (04-May-2021).


        I saw a “You don’t currently have permission to access this folder” warning when I tried to view this hidden folder in File Explorer so I’ve attached an image from TreeSize Free Portable v4.4.2.514.
        ———-
        64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v88.0 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1273

        • #2362939
          RetiredGeek
          AskWoody MVP

          Same settings as lmacri here with this result.

          HTH 😎

          May the Forces of good computing be with you!

          RG

          PowerShell & VBA Rule!
          Computer Specs

          • #2362972
            CADesertRat
            AskWoody Plus

            RG, looks like you have the exact same Defender files and date that I show. Defender is my only AV.

            Don't take yourself so seriously, no one else does 🙂
            All W10 Pro at 21H1,(2 Desktops, 1 Laptop).

        • #2363392
          lmacri
          AskWoody Plus

          Hi Susan:

          My Microsoft Defender scan engine updated to v1.1.18100.6 some time around the morning of 06-May-2021 and I’m only seeing 3 files now that take up 2.4 MB of space (i.e., not the 3,179 small files shown above in post # 2362926 when I had scan engine v1.1.18100.5). While I was still using engine v1.1.18100.5 these thousands of small files used up less than 3.0 MB of disk space in the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder so I wasn’t seeing the GBs of disk space used on some other systems, but it does appear now that something was not quite right on my system with the previous v1.1.18100.5 scan engine.


          I should also note that it took a while after my scan engine updated to v1.1.18100.6 before the file count dropped from 3,179 to 3 in that folder. When I checked last night on 06-May-2021, for example, that folder still had ~ 400 files (most dated 04-May-2021 and 05-May-2021) that have now disappeared.
          ———-
          64-bit Win 10 Pro v20H2 build 19042.928 * Firefox v88.0.1 * Microsoft Defender v4.18.2103.7 * Malwarebytes Premium v4.3.0.98-1.0.1292

      • #2362951
        SB9K
        AskWoody Lounger

        Engine 1.1.18100.5

        About 750 files for the last 18 months until about a week and a half ago. Then starting April 26th, over 7400 new files.

        So I guess I’ll be emptying that folder occasionally until it is fixed.

        Gaming Rig: Windows 8.1 Pro
        Work Desktop: Linux Mint Cinnamon 20.1
        Notebook (guinea pig): Whatever flavor of Linux I tried last
        File Server: TurnKey Linux
      • #2362953
        Alex5723
        AskWoody Plus

        “Susan is correct about the disk space consumed being small. If you read Martin Brinkmann’s article, linked by Susan, you will find your answer.”

        Very small ?

        “More than 10,800 items were placed in the folder on a test system running Windows 10 version 20H2. Other users reported over 950,000 files over the course of a 24 hour period and 30 Gigabytes of storage occupied by the files.”

        1 user thanked author for this post.
      • #2363014
        opti1
        AskWoody Plus

        Unrelated to this issue and probably purely coincidence I guess but who knows . . .

        Yesterday I ran the April Windows Updates on two of our three remaining non-ESU Win7 PCs. Both received Security Intelligence Update for Windows Defender Antivirus – KB915597 (Version 1.337.491.0), 15.3 MB. The install failed on both PCs with an error that I don’t recall. Retry also failed on both PCs. So I ran Check for Updates again and this time KB915597 came down a second time on both PCs as 58.4 MB, same version info, and installed successfully on both PCs.

        I had never had this issue with KB915597 before.

      • #2363030
        anonymous
        Guest

        On my Win10 Pro machine: Daily update Win Defender; also daily update my Cisco Immunet. My Defender version is the “fixed” one mentioned in the article. Only 3 files in that folder.
        …..
        You folks ought to take a look at Cisco Immunet. With Cisco’s name on it, I figure it should be good enough to take anything the Net throws at it. Have been running it 4 – 5 months, with -0- complaints. Silent; low profile in the background; unobtrusive. I understand it supports a variety of OS’s; when I switch exclusively to my Ubuntu Linux later this month, will see how it really does on Linux. You see: There ~is~ a good world beyond M$; and it includes Linux certainly. Cheers !!

      • #2363082
        DrBonzo
        AskWoody Plus

        I’ve got 2 Win 8.1 Pro x64 computers both running Defender as their only AV. Both had 1.1.18100.5 as their engine. One machine was fine, the other was generating files like crazy – probably a few hundred every couple minutes. I updated through Defender and got the new engine 1.1.18100.6 and a new set of definitions 1.339.42.0. That stopped the file generation. But, while Defender said the update resulted in the engine and definitions just stated, Windows Update said the update failed. I waited about an hour, did another update through Defender and got definitions 1.339.48.0; Windows Update said the update was successful. The previous definitions were .337, so it appears Defender still doesn’t like going from an old to new series of definitions. (See https://www.askwoody.com/forums/topic/defender-update-download-error/ for some discussion of this problem.) But for W8.1 the new 1.1.18100.6 engine does indeed fix the problem which is the topic of this thread.

        1 user thanked author for this post.
      • #2363091
        E Pericoloso Sporgersi
        AskWoody Plus

        About C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store

        I have 4,748 items in that Store. About 1/8 of 1 KB, the rest 2 KB, except 1 of 6,197 KB and 1 of 645 KB.
        I haven’t the faintest idea whether this is normal or not, or any reason for concern.

        I took a screenshot of TreeSize’s view of C:\ProgramData\Microsoft\Windows Defender\Scans for your information. In passing I also added a question. I wonder what you (Susan et al.) make of it.


        Maybe ask Mark Russinovich?


        1 user thanked author for this post.
        • #2363097
          Paul
          AskWoody Lounger

          Like Dr Bonzo, I also got messages that my attempts to update the Defender engine from 1.1.18100.5 to 1.1.18100.6 had failed. (Win10 Pro X64 Lenovo Thinkpad T450.) But the messages were wrong. The engine had updated. I deleted 2,833 files in C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store. Now, 24 hours later with 1.1.18100.6, there are only 6 files in that directory. Defender now shows definitions version 1.339.53.0.

          1 user thanked author for this post.
      • #2363363
        Save_Us_from_MS
        AskWoody Lounger

        Updated to v1.1.18100.6 and rebooted, but the thousands of files were still there! Had to manually delete them…

        Windows 1909

      • #2363396
        DrBonzo
        AskWoody Plus

        If you have Win7 and are running MS Security Essentials you might want to make sure your engine is updated to 1.1.18100.6. It should be if you are updating the definitions.

        I’ve got 3 computers running W7 that I turn on only once per week to keep the browsers and MSE updated, just in case.

        It’s a bit hard to tell but it seems that there were quite a few files (about 20) all generated within minutes after the last startup (yesterday). Go to C:\programdata\Microsoft\MicrosoftAntimalware\scans\history\store to check, although most of the generated files were just below the ‘scans’ folder in the above path.
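
A read-only check for the symptoms reported in this thread, added here as an example and not posted by any participant: it prints the Defender engine version and counts the files in the Store folder, broken down by creation day. It assumes an elevated PowerShell session on a system where the Defender module's `Get-MpComputerStatus` cmdlet is present; the function name `Get-DefenderStoreReport` is hypothetical.

```powershell
# Added example, read-only: reports on the folder discussed in this thread.
# Run in an elevated PowerShell session; standard users cannot read the folder.
$FixedEngine = [version]'1.1.18100.6'   # engine the thread reports as the fix
$StorePath   = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Scans\History\Store'

function Get-DefenderStoreReport {      # hypothetical helper name
    param(
        [string]$Path = $StorePath,     # pass the MSE path on Windows 7 instead
        [int]$Days = 14                 # how far back to break down new files per day
    )
    # -Force includes hidden/system files; -ErrorAction Stop surfaces access-denied
    $files  = @(Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction Stop)
    $bytes  = [double]($files | Measure-Object -Property Length -Sum).Sum
    $cutoff = (Get-Date).Date.AddDays(-$Days)
    $perDay = $files |
        Where-Object { $_.CreationTime -ge $cutoff } |
        Group-Object { $_.CreationTime.ToString('yyyy-MM-dd') } |
        Sort-Object Name |
        Select-Object @{ n = 'Day'; e = { $_.Name } }, @{ n = 'NewFiles'; e = { $_.Count } }
    [pscustomobject]@{
        Path      = $Path
        FileCount = $files.Count
        SizeMB    = [math]::Round($bytes / 1MB, 1)
        PerDay    = $perDay
    }
}

# Engine version as Defender itself reports it
$engine = [version](Get-MpComputerStatus).AMEngineVersion
if ($engine -ge $FixedEngine) {
    "Engine $engine is at or above $FixedEngine"
} else {
    "Engine $engine is older than $FixedEngine; check for updates from within Defender"
}

$report = Get-DefenderStoreReport
'{0}: {1} files, {2} MB' -f $report.Path, $report.FileCount, $report.SizeMB
$report.PerDay | Format-Table -AutoSize
```

A per-day count that jumps from a handful to thousands matches the pattern posters describe for engine 1.1.18100.5.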
