When Microsoft Defender Antivirus finds a virus, it asks you what action to take on the threat. The options are “Remove”, “Quarantine”, and “Allow on device”.
You may wonder:
- What happens if you’ve accidentally clicked “Allow” instead of “Remove”?
- What happens to the “allowed” threat? Will Microsoft Defender Antivirus redetect the item during the next scan?
If you accidentally allow a threat, Microsoft Defender stores the setting (Threat ID) in the registry. The file won’t be flagged when you run it in the future or during a system scan. This poses a big security risk.
You may also see the note “This threat or app has been allowed and will not be remediated in the future” in the Windows Security user interface.
Resolution
To resolve the issue, please undo your choice by opening Windows Security → Virus and Threat protection → “Allowed Threats.”
In the “Allowed threats” page, click the “Don’t allow” button for the program(s) you accidentally allowed to run.
Do this for each threat for which you inadvertently the “Allow” button.
And then remediate the threat by clicking “Remove” or “Quarantine” and click “Start actions”.
Using PowerShell to reset the Allowed threat listing
To bulk delete the allowed threats listing, use PowerShell (admin).
In PowerShell admin, run the following commands:
$ThreatIds = (Get-MpPreference).ThreatIDDefaultAction_Ids
Foreach ($ThreatId in $ThreatIds) { Remove-MpPreference -ThreatIDDefaultAction_Ids $ThreatId -Verbose }
That’s it. It clears the “Allowed threats” listing automatically.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
