[SOLVED] Microsoft Safety Scanner and Windows Defender Logs

Status
Not open for further replies.

Badram

Hi, I’ve got a question about the Safety Scanner and Defender logs.

I’ve run the Safety Scanner a decent amount of times, and I’m wondering if those individual scans and results would appear in Defender logs?

I’m aware that you can find the results in the windows\debug\msert.log, but would they appear in Defender’s logs as well? Are these two linked in any way?
If you were to manually clear Defender logs, would that completely clear the msert.log file as well?

Sorry if this seems like an odd question to ask.
 
I guess what I mean by manually is either deleting the scan and general Defender history folder contents itself, or clearing the Defender history from the Event Viewer. I’ve run the Safety Scanner you can download from Microsoft a decent amount of times this year, and the MSERT log file is filled with every scan I’ve done.

I was wondering if you were to clear those, would that have any sort of impact on the MSERT log file that contains the scan results from Microsoft Safety Scanner scans?

Sorry if I’m wording this poorly
 
No need to apologize. I ask questions not out of annoyance but to make sure I understand the issue so as to give you the most accurate answers possible. :-)

I was wondering if you were to clear those, would that have any sort of impact on the MSERT log file that contains the scan results from Microsoft Safety Scanner scans?
No.
 
Thank you

So if I’m understanding this correctly, scans done with the Microsoft Safety Scanner won’t show up in the Defender history, and only appear in the MSERT.log file?

So I imagine it’s normal for that file to log every scan done, and not delete any? I was wondering if something was wrong, since I’ve got all the safety scanner scans I’ve ever done logged in that file, dating all the way back to January when I first ran it.
 
Thank you for the response!

I was concerned since the MSERT.log file had every single scan I had done since the beginning. I was under the assumption that it was maybe supposed to delete older scans in that file, since other scanners and anti-virus software can delete logs older than a certain period of time.
 
Thank you for the responses, it puts me at ease here!

Since the end of last year, I’ve gotten really paranoid over computers in general and malware, so I get scared very easily whenever something unexpected happens.

Recently, for example, I discovered that Discord had signed me out on my Desktop. This could’ve been due to the session being inactive for a long time (I think the last time I actually launched it was at the end of June or the beginning of July), but it got me thinking that there was some sort of token stealer in my PC somehow, and that’s the main thing that’s kept me from going on the computer at the moment.

I also don’t know if you should update programs if you suspect something is there or not.
 
Thank you for the responses, it puts me at ease here!
You are very welcome!
I discovered that Discord had signed me out on my Desktop
More than likely a software update that required the app to be logged out.

I also don’t know if you should update programs if you suspect something is there or not.
I'm not sure what you mean. My regular answer to updating the OS or apps is: You should always update. Vulnerabilities in all software are found every day. Updates help mitigate/fix these vulnerabilities.
 
More than likely a software update that required the app to be logged out.
I only found out that I was logged out there when I checked my signed in devices on another device, and saw that it was no longer there. After I loaded the application it had to install 13 updates since I hadn’t loaded it in quite a while. The session could’ve expired due to inactivity.
I'm not sure what you mean.
I guess what I mean is that if you suspect you have something like a token stealer, or any type of malware, you shouldn’t update anything if you’re posting logs for it to help get it removed or something? I suppose that’s if you opened a case for help though.
Sorry for the poor wording.

I’ve not had my PC on since Sunday, as I got paranoid over all of these suspicions, and was hesitant to load it up and install a lot of updates in case that caused problems.
 
If you suspect you have malware, then you clean the system and then update.

Security Arena here at Sysnative is for this purpose: to help a user clean their system from malware.
 
then you clean the system and then update
Are you referring to all types of software updates, or just Windows updates?

On another note, I found out my motherboard received another BIOS update last month which “Mitigate the AMD potential security vulnerabilities for AMD Athlon processors and Ryzen processors”.
The one I’m currently on is the release before this, which also had this in the release notes, so I don’t know how necessary it is to update. I did it before months ago, and I was very anxious during the whole process, while hoping I’d not have to do it again.
I wish the notes weren’t so vague.
 
Are you referring to all types of software updates, or just Windows updates?

Yes, although every case is unique and has its own demands, I refer to all types of updates.
 
I see.
I’m in a situation where I’ve got automatic updates for things, so if I open Firefox for example, I’ll have to restart it to update when I get back on. I’ve had my PC off to avoid this.
As for the BIOS thing, I may wait for now, since I don’t know how big of a deal it is.
 
Just to clarify: automatic updates for software, browsers, operating system are recommended.

What I said above applies in cases when there is an update pending, for any reason, and the system is infected. In these cases, we clean the system first and then update.
 
I see.
I’m probably getting confused about how browser updates work, or start.
I have Firefox set up so it’ll download the update after I open the browser as opposed to doing it on its own in the background, then I need to restart to install it. I’m not sure if I have to go to the settings page to initiate the restart and installation though, and if I can just avoid doing that (I generally keep up to date with email notifications about Firefox updates, and whenever one comes out, I immediately open the browser and go to settings to download it).
I guess I’m worried about starting a case, and closing the browser which could cause an update.

Sorry if this is all worded poorly, I’m pretty tired right now.
 
I see that you are worried about your system. Why not post at the appropriate place and let me check your logs? It's not right to say things assuming that the computer is infected or maybe it is or it isn't. Just post the 2 requested logs, and I'll give them a look.
 
Would it be acceptable for me to install updates before I post the logs?
All of this paranoia has come from me discovering I wasn’t signed into Discord on my desktop anymore, but this very well could’ve been due to me being inactive in it on my desktop, as I think the last time I loaded the app was a month ago at this point. I instantly thought there could be a token stealer or something, despite there being no evidence of that.

I forgot to mention a while ago, but I also can’t remember the password to my local account, as I sign in with the PIN instead. I can’t even reset it with the options on the sign in screen, as when I click forgot password, a window pops up saying “no drive” like I have some sort of password protection on.
 
Would it be acceptable for me to install updates before I post the logs?

Just post the logs. :-)

We will continue from there.
 