The new “Windows Defender Backup” rule doesn’t delete anything here (Windows 11), any ideas?
(That’s kind of expected as the folder should have a strong anti-tampering protection.)
Thanks for the report.
I hadn't looked at it before but just gave it a go.
On Windows 10 here it found 8 out of 10 files (sounds like a commercial) to delete in "C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup"
But as you say running a clean did not actually delete any of them.
If I try to delete one maunally in File Explorer it asks for elevated 'System' permission to delete it. (I am already admin).
I've flagged it up to the staff for the developers to look at.
@nukecad
Do any of them get cleaned if you use Win 10 Storage cleaning?
Good thought @hazelnut.
But no, I just tried it and they are still there after a 'Clean now' in Storage Sense.
I've looked a bit more at what these particular Defender Backup files are.
I haven't checked them all, but the 4 that I have checked are duplicate copies of the'live' files in use, rather than being old versions.
The contents of the 'live' files and the backup are identical on the 4 that I checked.
Presumably Defender has the backup there in case something happens to the live copy, or maybe as a double check of the integrity of the live copy?
As they appear to be reserve/reference copies, rather than old versions, then I for one will be leaving them there.
Deleting them would also be pretty useless if they are needed reference copies, and so Defender then has to recreate them again.
On 15/06/2023 at 08:29, mogli said:<div class="ipsQuote_contents"> <p> The new "Windows Defender Backup" rule doesn't delete anything here (Windows 11), any ideas? (That's kind of expected as the folder should have a strong anti-tampering protection.) </p> </div>
Hi mogli:
Thanks for reporting this.
The Sept 2020 github thread at Persistent Error When Deleting (Windows Defender Backups) would suggest that BleachBit developers also tried to incorporate a similar cleanup of MS Defender backup files into their disk cleaning software but ultimately removed that option because because they believed the deletion of these backup files was being blocked by Microsoft Defender's tamper protection self-protection module. However, they must have found a workaround because I just tested BleachBit Portable v4.4.2 (Preview mode only - I didn't actually proceed with the clean) on my Win 10 laptop and 278 MB / 10 files in C:\ProgramData\Microsoft\WindowsDefender\Definition Updates\Backup were marked for deletion.
I use Microsoft Defender for my real-time antivirus protection on my Win 10 machine and can use the built-in Disk Cleanup utility at Windows Administrative Tools | Disk Cleanup | Clean Up System Files | Microsoft Defender Antivirus to safely purge any "non-critical" Microsoft Defender files. However, Disk Cleaner shows that there are currently only about 12 MB of "non-critical" MS Defender files on my hard drive ...
... and Disk Cleaner doesn't appear to touch any of the 262 MB / 8 files of files in C:\ProgramData\Microsoft\WindowsDefender\Definition Updates\Backup shown below that CCleaner v6.13 is failing to clean.**
** Note that CCleaner detects 2 fewer MS Defender backup files than BleachBit
I'm not sure why Piriform / Avast thought it was a good idea to add routine cleaning of these Microsoft Defender definition update backups to CCleaner when Microsoft clearly doesn't think it's a good idea, unless they're just trying to mimic what BleachBit is doing. If Avast / Piriform is going to fix this cleaning rule so it works as expected (which would likely require temporary disabling of Microsoft Defender tamper protection, which sounds like a terrible idea) they should at least move this new option under Custom Clean | Windows | Advanced (i.e, instead of under System) just to warn users that this type of cleaning should not be done on a routine basis.
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3086 * Firefox v114.0.2 * Microsoft Defender v4.18.23050.5-1.1.23050.3 * Malwarebytes Premium v4.5.31.270-1.0.2047 * Macrium Reflect Free v8.0.7279 * CCleaner Free Portable v6.13.10517 * BleachBit Portable v4.4.2
I agree completely with lmacri:
"If Avast / Piriform is going to fix this cleaning rule so it works as expected (which would likely require temporary disabling of Microsoft Defender tamper protection, which sounds like a terrible idea) they should at least move this new option under Custom Clean | Windows | Advanced (i.e, instead of under System) just to warn users that this type of cleaning should not be done on a routine basis."
In a simple test, I imaged my C:\ drive, then temporarily turned off Defender's Tamper Protection, and re-attempted the deletion of the files in that Backup folder. They deleted with no problem, and having thus determined that @lmacriwas correct in her assumption that Defender's Tamper Protection was preventing the deletion previously, I restored the deleted files and re-enabled Defender's Tamper Protection.
I'd take it a step further than lmacri, though: rather than moving that rule to Advanced, I'd just remove it, period. Without disabling Defender's Tamper Protection, it does nothing, and if advanced users think of disabling Defender to make the rule work as expected, they will be doing a very risky thing.
I only did this as a test, after creating a reliable drive image, and I do not recommend this procedure to anyone. "Just say No."
Personally I'd class them as duplicate system files.
And as we always say about the Duplicate Finder: "Leave the system duplicates alone, they are (usually) not junk but are there for a good reason".
@nukecad: Agreed. So why not just remove this rule, which we agree does nothing and which, in any case, we would not recommend using even if it did work?
36 minutes ago, Wisewiz said:<div class="ipsQuote_contents ipsClearfix" data-gramm="false"> <p> <a contenteditable="false" data-ipshover="" data-ipshover-target="<___base_url___>/profile/73689-nukecad/?do=hovercard" data-mentionid="73689" href="<___base_url___>/profile/73689-nukecad/" rel="">@nukecad</a>: Agreed. So why not just <strong>remove </strong>this rule, which we agree does nothing and which, in any case, we would not recommend using even if it <strong>did</strong> work? </p> </div>
Well programme developers are only people and just like the rest of us make mistakes now and again. (Or get enthusiastic and do something that isn't needed).
I think you misunderstood me (possibly). I wasn't criticizing the devs at Piriform/Avast, I was just making a polite (I hope) suggestion. Taking something out is, after all, a lot easier than putting something new in.
And yes, I've made mistakes, too. I remember the last time I made a mistake: it was a rainy Saturday in 1963, and ... aahng, you don't want to hear about it. ?
Ah, but I was criticising them a bit, in a polite way of course. (Not for the first time, and sometimes less politely).
Well, I'll be! I thought you had a direct line to the head coder, and a reserved spot on the to-do list at Piriform/Avast. Shucks!
OTOH, if they got everything right the first time around, what would we do with the time we'd have on our hands if nobody complained to CC Community Forums?
That’s interesting. Can you describe how the anti-tampering stuff introduced in newer Windows 10 versions and Windows 11 can be turned off?
I don't know if @Dave CCleaner or any of the other Avast/Piriform employees are following this thread but it might make sense to move it to the CCleaner Bug Reporting board at https://community.ccleaner.com/forum/8-ccleaner-bug-reporting/ since the new Windows Defender Backup cleaning doesn't work as expected (i.e., it throws a "File Access Denied" error when it attempts to clean the protected C:\ProgramData\Microsoft\WindowsDefender\Definition Updates\Backup folder).
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3086 * Firefox v115.0.0 * Microsoft Defender v4.18.23050.5-1.1.23050.3 * Malwarebytes Premium v4.5.32.271-1.0.2051 * Macrium Reflect Free v8.0.7279 * CCleaner Free Portable v6.13.10517
29 minutes ago, mogli said:<div class="ipsQuote_contents"> <p> @Wisewiz That's interesting. Can you describe how the anti-tampering stuff introduced in newer Windows 10 versions and Windows 11 can be turned off? </p> </div>
Microsoft/Windows Defender (the name changes with the weather) has many controls available. If you go to Windows Security > Virus & threat protection > Virus & threat protection settings > Manage settings, and scroll down, you'll find Tamper Protection, among other settings. If you toggle the slider for Tamper Protection to OFF, alarms will go off in the Defender internal system, and you'll see a flag in your notification tray.
Until you toggle that setting back to ON.
The other thing is having a software app that can temporarily turn Defender OFF, once the Tamper Protection is removed. I will not recommend or provide a link to any such program, but I have one. They are readily available, but hard to get installed, because they can turn off Defender, and Defender doesn't want them to turn it off.
Off Tamper Protection allows you to turn off Defender. When Defender is off, any of its backup files can be deleted, by CCleaner or by any other method.
Yeah, but the point is how to do it when tamper protection is on, of course.
47 minutes ago, mogli said:<div class="ipsQuote_contents ipsClearfix" data-gramm="false"> <p> Yeah, but the point is how to do it when tamper protection is on, of course. </p> </div>
I guess that's a bit like having your front door locked and then wanting to be able to just walk in.
Exactly, one needs to go as far as smashing a window but piriform shouldn’t go this far, otherwise microsoft needs to step in, but that means this cleaning rule is nonsense.
12 hours ago, lmacri said:<div class="ipsQuote_contents ipsClearfix" data-gramm="false"> <p> I don't know if <a contenteditable="false" data-ipshover="" data-ipshover-target="<___base_url___>/profile/84188-dave-ccleaner/?do=hovercard" data-mentionid="84188" href="<___base_url___>/profile/84188-dave-ccleaner/" id="ips_uid_2061_12" rel="">@Dave CCleaner</a> or any of the other Avast/Piriform employees are following this thread but it might make sense to move it to the <strong>CCleaner Bug Reporting</strong> board </p> </div>
I've moved it.
We often don't bother which particular sub-forum a thread is in, people can still find them. Though it does make things tidier if they are in the most relevant one.
PS. Dave no longer works at CCleaner, there have been a few staff changes in recent months, so I doubt that anyone will see 'pings' or messages for him. (unless someone logs in using that username/password).