When you run any of Full Scan, offline scan, and quick scan Windows Defender a log file is created. WinDefLogView allows to get at the log and read the file. The small utility reads the event log of Windows Defender (Microsoft-Windows-Windows Defender/Operational) in Windows 11 and 10. It displays the complete log of threats detected by Windows Defender on your system. You can see Detect Time, Severity, Filename, Category, Detection User, Threat Name, Action, Origin, and other for every log line. The tool will display the detected threats log on your local computer, remote computers on your network, and external disk as well. See about another tool – PropertySystemView – Change File Properties and Metadata on Windows
WinDefLogView is compatible with Windows Defender in both Windows 11 and Windows 10 64-bit and 32-bit systems. However, the tool also works perfectly on older versions of Windows such as Windows 7 and allows to see the data on remote computer with Windows 10 or 11, or on an external drive with Windows 10 or Windows 11.
Here is how to use WinDefLogView in Windows 11 or 10 –
- Get the tool from this download link.
- WinDefLogView is just a small standalone .exe file that you can run on any system without installing anything. So once downloaded, double click on WinDefLogView.exe to start using it.
- The tool will show a list having the log of all threats detected by Windows Defender.
- If you like you can export the list to html/xml/tab-delimited/comma-delimited file by using the Save Selected Items.
- Furthermore, you can copy the selected Windows Defender log to the clipboard (Ctrl+C) and then paste them into Excel using Ctrl+V.
- If you want to see the log of detected threats on a remote computer, navigate to File.
- Either select Data Source or press F7.
- Choose Remote Computer in the load from combo-box.
- Type the name or IP address of the remote computer. Make sure that you have full admin access to the remote computer to see the detected threats log.
- To see the detected threats on more than one remote machine, choose the Multiple Remote Computers.
- Type the names of the computers, delimited by comma.
View detected threats on external drive using WinDefLogView
- Plug in the external device to the laptop.
- Navigate to File.
- Either choose Data Source or press F7.
- Select – External Folder from the load from group of options.
- Choose event log folder in the external drive such as G:\Windows\System32\Winevt\Logs).
- Again ensure that you have read access to the event log folder.
When you read access You may want to have read access to this folder you will have to run WinDefLogView as Administrator.
- The tool will require Microsoft-Windows-Windows Defender%4Operational.evtx file.
- The tool will attempt to detect archive log files when the ‘Read archive log files’ option is enabled.