WinDefLogView is a new portable application by Nirsoft. The program displays information about recent threats that the default Windows security solution detected.
While it is possible to check detected threats elsewhere, doing so requires quite a few clicks in the Windows Security app. The way results are displayed is also not ideal for getting a quick overview of recent threats.
WinDefLogView is a typical Nirsoft application. It is small in size and portable. Just download the archive from the Nirsoft website, extract it on the system, and run the executable file to launch the app. The program is compatible with Microsoft's Windows 10 and 11 operating systems only, but it may be run on older versions of Windows, e.g., Windows 7, to display information from remote systems running Windows 10 or 11.
The interface displays all detected threats in a table. Each line lists the filename, detection name, threat name, severity, category, action, origin, process name and more. A click on a column header sorts the listing accordingly, e.g., by date or severity.
The shortcut Ctrl-F or the selection of Edit > Find displays a search option to filter based in input; this is useful if lots of threats are displayed. The selection of File > Choose data source enables you to retrieve the data from remote computer systems or external folders.
The right-click menu displays several options. The most interesting opens the threat URL on Microsoft's website, which offers additional information on the detected threat.
WinDefLogView is a threat viewer, which means that it does not offer any options to react to the threats it displays. Some or all lines can be exported to the local system in several formats, including CSV, JSON and XML. Items can also be copied directly using CTRL-C. The copied items can then be pasted into spreadsheet applications such as Excel.
Description on Nirsoft's website:
WinDefLogView is a tool for Windows 10 and Windows 11 that reads the event log of Windows Defender (Microsoft-Windows-Windows Defender/Operational) and displays a log of threats detected by Windows Defender on your system. For every log line, the following information is displayed: Filename, Detect Time, Threat Name, Severity, Category, Detection User, Action, Origin, and more...
You can view the detected threats log on your local computer, on remote computers on your network, and on external disk plugged to your computer.
WinDefLogView is a useful application, as it provides a quick view of all detected Windows Defender threats. While it does not support threat actions, it may point users in the right direction immediately without having to use the cumbersome Windows Security application.
Now You: do you use Windows Defender?