Accidentally Allowed a Threat in Windows Defender. What to do now?

When Microsoft Defender Antivirus finds a virus, it asks you what action to take on the threat. The options are “Remove”, “Quarantine”, and “Allow on device”.

You may wonder:

  1. What happens if you’ve accidentally clicked “Allow” instead of “Remove”?
  2. What happens to the “allowed” threat? Will Microsoft Defender Antivirus redetect the item during the next scan?


If you accidentally allow a threat, Microsoft Defender stores the setting (Threat ID) in the registry. The file won’t be flagged when you run it in the future or during a system scan. This poses a big security risk.

You may also see the note “This threat or app has been allowed and will not be remediated in the future” in the Windows Security user interface.

Resolution

To resolve the issue, please undo your choice by opening Windows Security → Virus and Threat protection → “Allowed Threats.”

In the “Allowed threats” page, click the “Don’t allow” button for the program(s) you accidentally allowed to run.

Defender Allowed Threats reset

Do this for each threat for which you inadvertently the “Allow” button.



And then remediate the threat by clicking “Remove” or “Quarantine” and click “Start actions”.

Using PowerShell to reset the Allowed threat listing

To bulk delete the allowed threats listing, use PowerShell (admin).

In PowerShell admin, run the following commands:

$ThreatIds = (Get-MpPreference).ThreatIDDefaultAction_Ids

Foreach ($ThreatId in $ThreatIds) { Remove-MpPreference -ThreatIDDefaultAction_Ids $ThreatId -Verbose }

That’s it. It clears the “Allowed threats” listing automatically.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

Leave a Reply