Have you ever had the frustrating experience of having Windows Defender (Windows Security) quarantine a file that you actually needed? It can be a real headache, especially if you don’t know how to restore it.
Fortunately, the process is relatively straightforward, and in this article, we’ll walk you through everything you need to know to restore quarantined files in Windows Defender. From why files get quarantined in the first place to the step-by-step process of restoring them, you will be armed with all the information you need to get your files back where they belong.
What is Microsoft Defender (Windows Security)
Microsoft Defender is a safety tool for protecting your computer from all sorts of digital nasties. It is like a digital bodyguard for your PC.
It is a built-in anti-malware tool that comes with the Windows operating system. It uses advanced technology to detect and remove threats in real-time, so you can browse the web and download files without worrying about viruses or malware.
Alongside scanning for malicious software, Microsoft Defender monitors your system for any suspicious activity that could indicate a potential threat. It also blocks malicious websites before they can cause any damage to your system.
But that’s not all! Microsoft Defender also includes a range of other features to keep your computer secure, including a firewall to protect your network from hackers, parental controls to keep your kids safe online, and even ransomware protection to safeguard your files from being held hostage.
The best part is that Microsoft Defender updates automatically, so you can be sure you are always protected against the latest threats.
What are Quarantined Files and What Happened to Them
Quarantined files are identified by your computer’s security software, i.e. Microsoft Defender, as potentially harmful to your system. When a file is quarantined, it is moved to a secure location on your computer that can’t cause any harm.
Quarantine is like a holding area where the file is kept away and isolated from the rest of your system to prevent it from doing any damage. Think of it like a “time-out” for a misbehaving file. Microsoft Defender can prevent it from running and potentially damaging your system or stealing your personal information by isolating it in quarantine.
When the file is isolated and put into quarantine, it is automatically removed from the original directory. Therefore, you may no longer be able to see it.
This gives you time to figure out whether the file is actually malicious or not. If you determine that the file is safe, you can release it from quarantine and put it back where it belongs. But if the file is harmful, you can safely delete it from quarantine without risking your computer.
Which Files are Quarantined by Windows Security
Quarantined files can include all sorts of things, such as viruses, malware, spyware, and other types of malicious software. Here are the common files that Windows Security usually quarantines.
- Viruses – Malicious programs that can replicate themselves and spread from one computer to another. They can cause harm to your system, steal personal information, or cause other types of damage.
- Malware – This is a general term that refers to any software designed to harm your computer, steal your data, or cause other types of damage. Malware can come in many different forms, including viruses, spyware, adware, and more.
- Trojan Horses – Programs that appear harmless but contain hidden pieces of code that cause harm to your computer. They may allow attackers to gain unauthorized access to your system or steal personal information.
- Rootkits – Stealthy types of malware that can hide their presence on your system and give attackers remote access to your computer.
- Ransomware – A type of malware that encrypts your files and demands payment in exchange for the decryption key.
- Potentially Unwanted Programs (PUPs) – Programs that are installed on your computer without your knowledge or consent. These are responsible for slowing down your system, displaying unwanted ads, or collecting personal information.
- Suspicious Files – The files that may have characteristics of malware, such as a suspicious file name or behavior, but are not classified as a specific type of threat. This includes all files and drivers authorized vendors and manufacturers do not digitally sign.
Where are Quarantined Files Stored in Windows Defender
The default location for virus storage in Windows Security is C:\ProgramData\Microsoft\Windows Defender\Quarantine. However, it is best to use the Windows Security interface to handle them instead of directly accessing this location because it is more dependable.
Now that we understand what quarantine files are and why they are removed, let us move on to restoring them (if needed).
How to Restore Windows Defender Quarantined Files
As we mentioned before, some files and software are quarantined simply because they are not signed by an identified authority, but contain no virus or malware. Such files can be safely restored without putting your PC in harm’s way. There are two methods to restore quarantined files.
Restore Quarantined Items using Windows Security
The easiest and most convenient method to restore quarantined files is from the Windows Security app itself. Here is how:
Navigate to the following:
Click “Protection history” under Current threats.
Here, you will see a list of quarantined files along with their vulnerability intensity.
Click on the item that you want to restore to expand it.
Click the “Allow” drop-down menu and then click “Allow.”
If prompted with a UAC, click “Yes.”
The file will now be removed from quarantine and restored to its original location.
Restore Quarantined Items from Command Prompt
Another method to restore quarantined files is from the Command Prompt.
Launch an elevated Command prompt.
Run the following cmdlet to change the directory to where the Windows Security is located:
cd “%ProgramFiles%\Windows Defender”
Now run the following cmdlet to list all the quarantined files:
MpCmdRun.exe -restore -listall
You will now have the names of all the quarantined files along with the timestamp of when were quarantined. Note down the name of the file that you want to restore.
Now use the following command to restore a quarantined file while replacing “[FileName]”.
MpCmdRun.exe -restore -name "[Filename]"
The named file will now be restored to its original directory and allowed to run on your PC.
This article lists two methods to restore quarantined items on Windows 10 and 11. However, Windows Security is incapable of differentiating between actual harmful threats and the files that are safe to run but only signed by an unauthorized entity. Therefore, it is up to you, the end user, to allow and restore only the safe files on your PC.
If you accidentally restore a malicious file, the chances are, that your computer is going to get infected when you run it. That is why caution is advised when you use the methods given above to restore quarantined files and items.
Frequently Asked Questions (FAQs)
Is It Safe To Run Quarantined Files?
Files in quarantine are safe to run as long as they are not harmful. Oftentimes, Microsoft Defender detects normal files are infected and move them to the quarantine folder. Make sure to check all the quarantine files before you restore any for a safe run.
Restoring Quarantined Files by Microsoft Defender Antivirus
Almost every Windows user relies on Microsoft Windows Defender to keep their system safe from malicious items. However, the antivirus program fails to determine whether a certain file is harmful or not and quarantines it. Fortunately, following the straightforward methods shared above, you can find and recover the quarantined files easily.