Sunday, January 15, 2023

Restoring a Quarantined File in Microsoft Defender

Restoring a Quarantined File in Microsoft Defender 


Microsoft Defender antivirus is a reliable choice to protect your Windows PC. It consistently scores high in AV tests, includes multiple scan options, and provides several extra tools. But that doesn't mean it's infallible and immune from alerting to false positives.

Here's what to do if Defender quarantines a file you know to be safe.

Why Would Defender Quarantine a Safe File?

Microsoft Defender is generally good at not alerting to safe files. As long as the virus definitions are kept up to date (especially if you learn how to manually update Windows Defender), false positives are rare. But they do happen.

Defender provides strong protection by being proactive and will quarantine potential threats, as well as active ones. Files are usually flagged as suspicious due to a mismatched or expired digital signature. It can also occur if the file has been incorrectly reported as dangerous.

How to Restore a Quarantined File in Defender

Suspicious files will usually be quarantined rather than automatically deleted. This means they're put in a secure holding state so you can decide whether or not they should be deleted. However, in some situations, files confirmed to be infected will be deleted to protect your system.

You can find recently quarantined files in the Protection History.

1.   Open Settings > Privacy & Security > Windows Security, and click the Open Windows Security button.

2. Select Virus & Threat Protection and click the Protection History option below the Scan button.



3.   You can filter the protection history to display quarantined files using the button at the top.

4.   Locate the file you want to restore and select it. You can then choose the option to restore it.

 

To prevent the file from being flagged again, you can add it to the list of exclusions. You can find this option in the Virus & Threat Protection Settings. If you need more help, check out our guide about adding exclusions to Microsoft Defender antivirus.

How to Restore a Quarantined File Using Command Prompt

If you can't access the Windows Security app, for some reason, you can restore quarantined files in Command Prompt (elevated).

1.   In Windows Search, type Command Prompt and click the Run as Administrator option.

2.   In Command Prompt, enter the following command: cd “%ProgramFiles%\Windows Defender”.

3.   Then type: MpCmdRun.exe -restore -listall to see a list of all currently quarantined files.



4.   You can restore a single file by typing: MpCmdRun.exe -restore -name “Filename”. Replace Filename with the name of the file you want to restore.

If a file was quarantined because it was a potential network threat, you might be unable to restore it. This is usually because the system might no longer have the required network credentials to access the file.


Thanks for Reading...

Masud Rana

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Describe BIOS and UEFI

  BIOS (Basic Input/Output System) and UEFI (Unified Extensible Firmware Interface) are firmware interfaces responsible for initializing har...