Security | Vulnerability Scans and Assessment Windows

How to restore quarantined files in Microsoft Defender Antivirus

Learn how to restore quarantined files after encountering false positives or malware issues with Microsoft Defender Antivirus. Malicious documents or infected executables can disrupt your system.

Windows Security threat flag

Ensuring computer users’ safety and preserving PC health, antivirus software diligently thwarts potential threats, aiming to neutralize them proactively. Occasionally, this vigilance may lead to unintended file losses, prompting the need to know ‘How to restore quarantined files.’ Additionally, antiviral tools can produce false positives, triggered by factors such as digital signature mismatches, revocation, or expiration.

There are several forms of viruses that can infiltrate and deactivate our devices’ built-in antivirus software. In a situation like this, you can use the built-in Windows Security Offline feature designed to help remove tough viruses, see How to find and remove Malware with Microsoft Defender Offline to learn more.

So how can you restore files quarantined by Microsoft Defender antivirus, and how can you reduce the number of future incidents?

Here are other related guides: How to find and remove Malware with Microsoft Defender Offline, How to turn on Windows 10 Tamper Protection for Microsoft Defender, Microsoft Endpoint Manager: How to manage Microsoft Defender Antivirus with Group Policy and Microsoft Malware Protection via the Command Line Utility, and Smart App Control and how to enable Phishing Protection: Windows 11 New Security Features.

In this informative guide, we’ll explore How to restore quarantined files using Microsoft Defender. Plus, discover the savvy trick of adding files to the Exclusion list to safeguard them from quarantine, all in the context of Windows 11 (though equally effective on Windows 10).

View and restore quarantined files in Microsoft Defender Antivirus

Windows Security always quarantines any suspicious file before deleting it, briefly outlining the nature of the probable threat and the potential threat level that threat may pose.

By default, the virus storage in Windows Security is located under the following path: C:\ProgramData\Microsoft\Windows Defender\Quarantine. However, we advise that you only interact with them through the Windows Security interface since it is far more reliable.

Unlock the secret to recovering your system’s safety! Embrace the power of How to restore quarantined files. Begin by invoking the magic with a press of the Windows key + I key combo, revealing the Settings menu. Navigate to Privacy and Security, and there, on the right side, lies the key to your digital fortress—select the Windows Security item.

file recovery
Windows Settings

Under Windows Security, select the Open Windows Security option.

antivirus quarantine
Opening Windows Security in Settings

In the Windows Security click Virus and Threat Protection.

restore deleted files
Windows Security

Under Current threats click Protection history. Here you can see the complete list of available and eliminated threats that Windows Defender placed in quarantine. Quarantined items are absolutely harmless while they’re held in quarantine.

Microsoft Defender
Opening Protection history

If you are certain a quarantined file is not a threat, and you want to restore it. In the list of all recent items, filter on Quarantined Items. Select an item you want to keep, and take an action, such as restore.

Restore file from quarantine using Command Prompt

You can roll back and remove a file from quarantine if you’ve determined that it’s clean after an investigation. Run the following command on each device where the file was quarantined.

Go to Start and type cmd. Then right-click Command prompt and select Run as administrator.

file recovery
Opening command prompt in Start

Enter the following command, and press Enter:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name EUS:Win32/CustomEnterpriseBlock -All
antivirus quarantine
Command Prompt

How to add files to Exclusions

Imagine you’re eager to know how to restore quarantined files when you’re certain a specific file is harmless. Here’s the trick: manually tackle false positive detections by adding the file to the exclusions list, preventing future removal by Windows Security.

In the Virus and Threat Protection window, please scroll down and find Virus and Threat Protection Settings, under it click on Manage settings.

Opening manage setting for Virus & threat protection settings

Scroll down and find the Exclusions option and click on Add or remove exclusions.

Adding files to Exclusions in Windows Security

Click Add an exclusion and select the type.

Exclusion window

Discover the art of exclusion: Choose How to restore quarantined files, and pinpoint the path to the file, folder, file type, or process you want to protect.

Exclusion added

If you’ve found yourself grappling with Windows Defender’s false positives, here’s a nifty trick: gather those mistakenly flagged programs, and within this bundle of digital underdogs, lies a secret. Craft a sanctuary for them within a special folder, a place where misjudgment won’t tread. This ingenious move ensures that, moving forward, these files shall dance free, untouched by future detections. How to restore quarantined files? This is how.

Important: We strongly advise you not to upload files obtained from unreliable sources to the Exclusion folder. Nobody wants a virus to take control of their computer. Such negligence can have far-reaching effects.
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x