How do I remove quarantined threats

Page 2 of 3 FirstFirst 123 LastLast

  1. Posts : 57
    Windows10 Pro Build 1709
    Thread Starter
       08 Jun 2018 #11

    zbook said: View Post
    Run the Microsoft malicious software removal tool and post an image of the results into the thread:
    Download Malicious Software Removal Tool from Official Microsoft Download Center
    Thanks for your suggestion zbook. I ran it, and got "No malicious software found". My uneducated guess is that the tool does not look in the area where it is already quarantined. Might that be correct?
    Click image for larger version. 

Name:	Trojan10.PNG 
Views:	37 
Size:	16.9 KB 
ID:	191571
      My ComputersSystem Spec


  2. Posts : 57
    Windows10 Pro Build 1709
    Thread Starter
       08 Jun 2018 #12

    Bree said: View Post
    Makes no difference, it is the same in Home as in Pro (I have Pro on another machine).

    So Bree, why would your Threat History page show Remove and Remove All buttons, and mine does not? When I open (click on) Threat History, I see this
    Click image for larger version. 

Name:	Trojan06.PNG 
Views:	1 
Size:	186.5 KB 
ID:	191578
    Then from there, I click on See Full History, and I get this
    Click image for larger version. 

Name:	Trojan08.PNG 
Views:	1 
Size:	115.1 KB 
ID:	191579

    No where, do I see a Remove button like your image shows.

    Zbook's suggestion to run the MSRT is a good one. If that is clear, you may want to test Defender with a safe test 'virus'.

    Intended use ° EICAR - European Expert Group for IT-Security

    I wrote this .bat file to create the EICAR test file. If you download it you will need to unblock it before you can run it. Running it will attempt to create the file, which should be immediately detected by Defender. Shortly after it should appear as a Quarantined file. This was how I made my screenshots earlier.
    Since Defender did it's job by identifying and quarantined the threat, what will I gain by testing it as you suggest?
      My ComputersSystem Spec

  3.   My ComputerSystem Spec

  4. Bree's Avatar
    Posts : 9,648
    10 Home x64 (1809) (10 Pro on 2nd pc)
       08 Jun 2018 #14

    ALN said: View Post
    So Bree, why would your Threat History page show Remove and Remove All buttons, and mine does not?
    It does say under 'Quarantined threats' that "Quarantined threats have been isolated and prevented from running on your device. They will be periodically removed". It could just be that by now they have been automatically removed. It's a possibility as your detections were a few days ago on the 5th. My test was less than 24 hours ago so the quarantined file has not (yet) been automatically removed.

    Since Defender did it's job by identifying and quarantined the threat, what will I gain by testing it as you suggest?
    Just reassurance that it's working as designed.
      My ComputersSystem Spec


  5. Posts : 57
    Windows10 Pro Build 1709
    Thread Starter
       08 Jun 2018 #15

    OK Bree. I ran the EICAR test file, and Defender intercepted it immediately. Guess it's working as designed. It shows up as being quarantined, but still no option to Remove from quarantine. So your thought about the Trojan entries possibly being already removed seems to be shot down. Would also believe that when they are automatically removed, I would no longer see the entries, don't you think?
    Click image for larger version. 

Name:	Trojan11.PNG 
Views:	1 
Size:	116.1 KB 
ID:	191588
      My ComputersSystem Spec

  6.    08 Jun 2018 #16

    "My uneducated guess is that the tool does not look in the area where it is already quarantined."
    That is true. The scans are looking for infections but the computer isn't infected. I've seen what you are seeing a some computers recently.
    On the computers in which I have removed similar quarantines those computers were on 1709: it appears that shouldn't make a difference as mentioned in a prior post.
    But in order for me to remove the quarantined items , I wasn't able to remove them all at once. I had to select each one individually, what I don't recall is whether I used the Severe arrow, the See details choice or just selected the Trojan itself. See what happens when you try to clear each one at a time.
      My ComputersSystem Spec


  7. Posts : 57
    Windows10 Pro Build 1709
    Thread Starter
       08 Jun 2018 #17

    MeAndMyComputer said: View Post
    "My uneducated guess is that the tool does not look in the area where it is already quarantined."
    That is true. The scans are looking for infections but the computer isn't infected. I've seen what you are seeing a some computers recently.
    On the computers in which I have removed similar quarantines those computers were on 1709: it appears that shouldn't make a difference as mentioned in a prior post.
    But in order for me to remove the quarantined items , I wasn't able to remove them all at once. I had to select each one individually, what I don't recall is whether I used the Severe arrow, the See details choice or just selected the Trojan itself. See what happens when you try to clear each one at a time.
    Already tried that - No Remove button anyplace. BUT...
    Just went back to try individually removing the Test file (Previously only tried it on the Trojans). Now the History page shows only the EICAR Test file; the 3 Trojans are gone... AND now I have a Remove All button!
    Click image for larger version. 

Name:	Trojan12.PNG 
Views:	2 
Size:	190.0 KB 
ID:	191616
    Looks like the auto removal waits 3 days (June 5 when it was detected to today, June8). Guess that makes sense, but absolutely no idea why I didn't have a Remove button until now. Probably doesn't matter since all seems to be working fine now - I did click on the Remove All button, and the EICAR Test file was removed.

    Thanks you ever so much for your attention and help on this!
    Attached Thumbnails Attached Thumbnails Trojan08.PNG   Trojan09.PNG  
      My ComputersSystem Spec

  8. Bree's Avatar
    Posts : 9,648
    10 Home x64 (1809) (10 Pro on 2nd pc)
       08 Jun 2018 #18

    ALN said: View Post
    Looks like the auto removal waits 3 days (June 5 when it was detected to today, June8). Guess that makes sense...
    I'll be able to confirm that in a couple of days, I've deliberately not removed my EICAR test file from quarantine

    Just went back to try individually removing the Test file ... now I have a Remove All button!
    I've noticed that there's often a short delay between detection/blocking and the file appearing in quarantine.
      My ComputersSystem Spec

  9.    09 Jun 2018 #19

    Thanks ALN, very informative.

    I'd like to share this information I had found
    How to configure quarantine files removal on Windows Defender Antivirus
    How to configure quarantine files removal on Windows Defender Antivirus | Windows Central
    In my case on my computer (NOTE: I don't have a quarantined threats, I just wanted to find out what my configuration is) there wasn't any configuration for quarantine files removal on Windows Defender Antivirus and I left the it alone.

    In my prior post about my experience of removing the quarantined items individually, they were done the same day as the attempted infection occurred. The owner in each situation saw that Windows Defender recommended a restart which they did and called me up. I was able to remove each one individually as I mentioned but if I get more experience as time goes on, this is an excellent thread to refer to.
      My ComputersSystem Spec


  10. Posts : 57
    Windows10 Pro Build 1709
    Thread Starter
       09 Jun 2018 #20

    MeAndMyComputer said: View Post
    Thanks ALN, very informative.

    I'd like to share this information I had found
    How to configure quarantine files removal on Windows Defender Antivirus
    How to configure quarantine files removal on Windows Defender Antivirus | Windows Central
    In my case on my computer (NOTE: I don't have a quarantined threats, I just wanted to find out what my configuration is) there wasn't any configuration for quarantine files removal on Windows Defender Antivirus and I left the it alone.

    In my prior post about my experience of removing the quarantined items individually, they were done the same day as the attempted infection occurred. The owner in each situation saw that Windows Defender recommended a restart which they did and called me up. I was able to remove each one individually as I mentioned but if I get more experience as time goes on, this is an excellent thread to refer to.
    Thanks MeAndMyComputer for the link. Very well written and easy to follow. My system is set at "Not configured." I elected not to change it at this time because there seems to be conflicting information that I hope somebody can clear up:
    When I open Threat History, I see this
    Click image for larger version. 

Name:	Trojan12.PNG 
Views:	2 
Size:	190.0 KB 
ID:	191706
    it clearly says Quarantined threats will be periodically removed. My Group Policy Editor shows "Not configured," and the explanation there (and in the site you referenced) says if not configured, the quarantined items will stay in the quarantined folder forever. So the Threat History says they will be periodically removed (and in my case, the 3 Trojans were removed, and not manually by me) but the Group Policy Editor says they will stay forever. I'm confused.
      My ComputersSystem Spec


 
Page 2 of 3 FirstFirst 123 LastLast

Related Threads
Restore quarantined file, Windows Defender, Creators Update in AntiVirus, Firewalls and System Security
I can't find the Windows Defender quarantine anymore in Creators Update.
Threats by Email in Chillout Room
Have any of you ever received this, from any destination? I am 99% sure its fake but have sent it to iobit.com: Hi, We are here informing you that your computer that has installed any iobit software from any time period has now been set to...
Message re. quarantined file keeps appearing! in AntiVirus, Firewalls and System Security
I use Avast which is very good indeed but over the last 3 days every time I boot up my laptop a message appears in blue box which says 'file found and quarantined' or something like that. I quickly click on the ! in the corner of box but there is no...
How to know what files are quarantined by Windows Defender in AntiVirus, Firewalls and System Security
Like the first photo, sometimes Windows Defender shows which file it detected and quarantined. In this case, it's fine. 90848 But, sometimes, it doesn't show what files it detected and quarantined, and shows only perhaps "quarantined" files,...
Solved PUP Threats Detected By Malwarebytes in AntiVirus, Firewalls and System Security
Is anyone getting the pup.price.ninja threats? I get the same 4 pup threats every time Malwarebytes scans. I also noticed that I get advertisement popups while running Chrome that I don't get running Firefox. I have popups turned off but these...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:41.
Find Us