WinDefThreatsView v1.10
Copyright (c) 2019 - 2020 Nir Sofer

Description

WinDefThreatsView is tool for Windows 10 that displays the list of all threats detected by Windows Defender Antivirus and allows you to easily set the default action (Allow, Quarantine, Clean, Remove, Block, or No Action) for multiple threats at once. You can use this tool on your local computer and also on remote computer, as long as you have permission to access WMI on the remote machine.
For every threat, the following information is displayed: Filename, Threat Name, Severity, Process Name, Initial Detect Time, Status Change Time, Remediation Time, Threat ID, Threat Status, Default Threat Action, and more...

Windows Defender Threats Viewer

System Requirements

This tool works only on Windows 10 and Windows 8.1. Both 32-bit and 64-bit systems are supported. You can also use this tool on Windows 7 to connect a Windows 10 remote computer.

Versions History

  • Version 1.10
    • Added option to choose another font (name and size) to display in the main window.
    • When pressing F5 (Refresh) the refresh process is smoother, keeping the selected item and scroll position.
  • Version 1.06
    • Added 'Put Icon On Tray' option.
  • Version 1.05
    • You can now use any variable stored in the .cfg as command-line option. For example, in order to connect a remote computer that its IP address is 192.168.0.105 :
      WinDefThreatsView.exe /ConnectMode 2 /ComputerName 192.168.0.105
  • Version 1.00 - First release.

Start Using WinDefThreatsView

WinDefThreatsView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - WinDefThreatsView.exe
After running WinDefThreatsView, the main window displays the list of all threats detected by Windows Defender Antivirus.

Connect Windows Defender on remote computer

In order to view the Windows Defender threats on a remote computer, simply open the 'Advanced Options' window (F9), choose the 'Load threats data from remote computer' option, type the IP address or the computer name of the remote computer and then press the 'Ok' button. If you get 'Access Denied' error on the status bar, you may also need to specify the user name and password to connect the remote computer. Be aware that this feature works only if you have permission to access WMI on the remote machine.

Set default action of Windows Defender

After the list of all Windows Defender threats is displayed on the main window, you can select one or more threats and then set the default action for these threats. You can set on of the following actions: Allow, Quarantine, Clean, Remove, Block, or No Action. You can set the default action for your local computer and for remote computer on your network.
You can use this feature to quickly handle multiple false positive issues: Simply select the threats that are false positives, set their default action to 'Allow' and then WinDefThreatsView will not block anymore.

Be aware that setting the default action of Windows Defender threat requires elevation (Run As Administrator)

View threat information

You can get more information about Windows Defender threat from Microsoft Web site by selecting the threat item and using the 'Open Threat Web Page' option (Ctrl+W).

Command-Line Options

/ConnectMode <Mode> Specifies the connect mode. 1 = local comouter, 2 = remote computer
/ComputerName <Name> Specifies the name or IP address of the remote computer. (For using with /ConnectMode 2)
/UseLoginInfo <0 | 1> Specifies whether to connect the remote computer with the specified user name and password. 0 = No, 1 = Yes.
/UserName <Name> Specifies the user name to connect the remote computer. (For using with /ConnectMode 2 and /UseLoginInfo 1)
/Password <Password> Specifies the password to connect the remote computer. (For using with /ConnectMode 2 and /UseLoginInfo 1)
/stext <Filename> Save the threats list of Windows Defender to a simple text file.
/stab <Filename> Save the threats list of Windows Defender to a tab-delimited text file.
/scomma <Filename> Save the threats list of Windows Defender to a comma-delimited text file (csv).
/shtml <Filename> Save the threats list of Windows Defender to HTML5 file (Horizontal).
/sverhtml <Filename> Save the threats list of Windows Defender to HTML5 file (Vertical).
/sxml <Filename> Save the threats list of Windows Defender to XML file.
/sjson <Filename> Save the threats list of Windows Defender to JSON file.
/sort <column> This command-line option can be used with other save options for sorting by the desired column. The <column> parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like "Threat Name" and "Filename". You can specify the '~' prefix character (e.g: "~Initial Detect Time") if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns.

Translating WinDefThreatsView to other languages

In order to translate WinDefThreatsView to other language, follow the instructions below:
  1. Run WinDefThreatsView with /savelangfile parameter:
    WinDefThreatsView.exe /savelangfile
    A file named WinDefThreatsView_lng.ini will be created in the folder of WinDefThreatsView utility.
  2. Open the created language file in Notepad or in any other text editor.
  3. Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
  4. After you finish the translation, Run WinDefThreatsView, and all translated strings will be loaded from the language file.
    If you want to run WinDefThreatsView without the translation, simply rename the language file, or move it to another folder.

License

This utility is released as freeware. You are allowed to freely distribute this utility via CD-ROM, DVD, Internet, or in any other way, as long as you don't charge anything for this and you don't sell it or distribute it as a part of commercial product. If you distribute this utility, you must include all files in the distribution package, without any modification !

Disclaimer

The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.

Feedback

If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to support@nirsoft.net

Download WinDefThreatsView (32-bit)
Download WinDefThreatsView (64-bit)
Check Download MD5/SHA1/SHA256 Hashes

WinDefThreatsView is also available in other languages. In order to change the language of WinDefThreatsView, download the appropriate language zip file, extract the 'windefthreatsview_lng.ini', and put it in the same folder that you Installed WinDefThreatsView utility.

LanguageTranslated ByDateVersion
DutchJan Verheijen13/10/20201.10
FrenchLargo28/03/20201.00
German «Latino» auf WinTotal.de13/10/20201.10
Hungarian Kiss Dénes László02/04/20201.00
Japanese maboroshin02/07/20201.06
RussianDmitry Yerokhin13/10/20201.10
Simplified Chinese DickMoore11/04/20201.00
SlovakFrantišek Fico04/05/20201.06