Windows Defender has quarantined two threats on my PC recently: one is an infected executable on a network share (which was put there deliberately and which someone needs), the other is a simple "potentially unwanted app" from a bundle installer I downloaded for FileZilla.

In Defender's Protection History, when I click on "Restore" or "Remove" for one threat, I get a UAC prompt, then nothing happens when I confirm. After accepting once, I don't get other UAC prompts, but further commands don't do anything either.

The Windows Security task bar icon keeps warning me of the bundle installer, even though I can't remove it.

Why can't I act on quarantined threats, and how can I fix this?

acl

1 Answer

Let's fix the issue from Command Prompt.

First, open Command Prompt as Administrator. Then run `cd "%ProgramFiles%\Windows Defender"`. Now run `MpCmdRun.exe -restore -listall` and you will get a list of quarantined files. Now choose the file you want to restore and run `MpCmdRun.exe -restore -name "Filename"`, where "Filename" is the name of the file you want to restore.

If it does not work, temporarily disable file checking by setting Windows Security > App & browser control > Check apps and files to Off, and restore the file now. You can then turn it on again.

Hope that helps

Wasif
  • You, sir, just saved my bacon. Thanks a lot! – purple11111 Nov 23 '20 at 17:53
  • Note: There are options to restore all to a specific path. See `MpCmdRun.exe -h` – Sebastian Ax Jan 19 '21 at 09:55
  • I had to enter the threat name instead of the file name. Also, the help page states that the `-name` parameter refers to the threat name. In my case `MpCmdRun.exe -restore -name Trojan:Script/Wacatac.B!ml` worked while the file name didn't. There is also a `-filepath` parameter. – Kite Mar 15 '21 at 12:24
  • @SebastianAx Thanks, that `-Path` option allowed me to restore a file that could not be restored to a network folder – julien.leroux5 Mar 19 '22 at 11:57
  • If I would like to restore a specific file, not a threat type, what should I do? – Alex Mar 01 '23 at 05:49
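
The procedure from the answer, combined with the `-FilePath` and `-Path` parameters mentioned in the comments, as an added PowerShell example that is not part of the original answer or comments. The quarantined file path and the destination folder are constructed placeholders; the script restores one file by its original path into a separate folder and then lists what appeared there.

```powershell
#Requires -RunAsAdministrator
# Added example: restore a single quarantined file with MpCmdRun.exe.
param(
    # Constructed placeholder values; replace them with your own.
    [string]$QuarantinedFile = 'C:\Example\bundle-installer.exe',  # original path of the file
    [string]$RestoreTo       = 'C:\RestoredFromQuarantine'         # folder to restore into
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# Step 1: list every quarantined item so the threat name and file path can be read off.
& $mpCmdRun -Restore -ListAll

# Step 2: make sure the destination exists and remember what is already in it.
New-Item -ItemType Directory -Path $RestoreTo -Force | Out-Null
$before = @(Get-ChildItem -LiteralPath $RestoreTo -Recurse -File |
            Select-Object -ExpandProperty FullName)

# Step 3: restore by original file path (not threat name) into the chosen folder.
# To restore by threat name instead, use: -Restore -Name '<threat name>' -Path $RestoreTo
& $mpCmdRun -Restore -FilePath $QuarantinedFile -Path $RestoreTo
Write-Host "MpCmdRun.exe exit code: $LASTEXITCODE"

# Step 4: verify by looking for new files rather than trusting the exit code alone.
$restored = @(Get-ChildItem -LiteralPath $RestoreTo -Recurse -File |
              Where-Object { $before -notcontains $_.FullName })

if ($restored.Count -eq 0) {
    Write-Warning "Nothing new appeared under $RestoreTo. Check the path shown by -ListAll."
} else {
    $restored | Select-Object FullName, Length, LastWriteTime
}
```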