"Threats Found" in Windows Security — What It Means
Windows Security has found something and you're not sure how serious it is. Here's what the different threat levels mean, what to do, and when to be genuinely concerned.
On this page
Seeing "Threats found" in Windows Security can feel alarming, but it's often much less serious than it sounds. Windows Security is very good at catching threats before they cause harm — the fact that it found something is actually the system working as intended.
What Do the Threat Labels Mean?
Severe / High
These are serious threats — ransomware, trojans, or programmes designed to steal information or give someone remote access to your machine. Take immediate action: choose Remove and then restart your computer and run another scan to confirm they're gone.
Medium
Usually adware (programmes that show unwanted ads), browser hijackers, or tools that can be misused. Remove these — they may not be immediately dangerous but they slow your computer down and erode your privacy.
Low
Often labelled as PUA (Potentially Unwanted Application). These are programmes that aren't strictly malware but behave in unwanted ways — bundled software, toolbars, or utilities that change settings without clearly asking. Remove them unless you're sure you want them.
What to Do Step by Step
- Open Windows Security > Virus & threat protection.
- Under Current threats, review what was found.
- Click Start actions or click each threat and choose Remove or Quarantine.
- Restart your computer.
- Run a second Full scan to confirm nothing else is present.
Quarantine vs Remove — What's the Difference?
Quarantine isolates the file so it can't do anything, but keeps it in case it turns out to be a false alarm. Remove deletes it permanently. For anything you don't recognise, Remove is the right call. If you later find a legitimate programme has stopped working, you can check the quarantine history and restore the file.
What If the Threat Keeps Coming Back?
If the same threat reappears after removal, it may be hiding in a location that regular scans miss. Try an offline scan: go to Scan options > Microsoft Defender Antivirus (offline scan). This runs before Windows fully loads, catching threats that hide during normal operation.
Still seeing it after an offline scan? Ask us — we can help identify the source.
Frequently asked questions
Windows Security says a threat was removed, but should I be worried about my passwords or bank account?
It depends on the type of threat. For most adware and low-severity detections, your passwords and banking details are very unlikely to be affected. If the threat was classified as Severe or was a type called 'infostealer', 'keylogger', or 'spyware', it's worth changing your important passwords as a precaution, especially if the infection had been present for a while before being detected.
Windows Security says a file I know is safe is a threat. What do I do?
This is called a false positive. If you're confident the file is legitimate (for example, a programme from a well-known company), click the threat in Windows Security and choose Allow. You can also submit it to Microsoft as a false positive from the Windows Security app under Protection history. Only do this if you're genuinely certain the file is safe.
Comments & Questions (0)
No comments yet — be the first to ask. Comments appear after review.
Leave a comment
Your comment appears after our team approves it. Or sign in to post faster.