New
#11
How do I remove quarantined threats
-
-
New #12
Since Defender did it's job by identifying and quarantined the threat, what will I gain by testing it as you suggest?Makes no difference, it is the same in Home as in Pro (I have Pro on another machine).
So Bree, why would your Threat History page show Remove and Remove All buttons, and mine does not? When I open (click on) Threat History, I see this
Then from there, I click on See Full History, and I get this
No where, do I see a Remove button like your image shows.
Zbook's suggestion to run the MSRT is a good one. If that is clear, you may want to test Defender with a safe test 'virus'.
Intended use ° EICAR - European Expert Group for IT-Security
I wrote this .bat file to create the EICAR test file. If you download it you will need to unblock it before you can run it. Running it will attempt to create the file, which should be immediately detected by Defender. Shortly after it should appear as a Quarantined file. This was how I made my screenshots earlier.
-
New #13
Run Windows defender offline.
These are additional methods to scan for HTML/Brocoiner!rfn
TrojansHow to remove Trojan:HTML/Brocoiner adware (Virus Removal Guide)December 9, 2017 by Stelian Pilici
Trojan:HTML/Brocoiner!rfn threat description - Windows Defender Security Intelligence
How to remove Trojan:HTML/Brocoiner adware (Virus Help Guide)
Troubleshoot detection and removal of viruses, malware, and other threats - Windows Defender Security Intelligence
Free Antivirus Replacement & Anti-Malware Tool | Malwarebytes
HitmanPro Malware Removal Tool: Secondary Anti-Virus Scanner | Download HitmanPro 3.7
Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal
-
New #14
It does say under 'Quarantined threats' that "Quarantined threats have been isolated and prevented from running on your device. They will be periodically removed". It could just be that by now they have been automatically removed. It's a possibility as your detections were a few days ago on the 5th. My test was less than 24 hours ago so the quarantined file has not (yet) been automatically removed.
Just reassurance that it's working as designed.Since Defender did it's job by identifying and quarantined the threat, what will I gain by testing it as you suggest?
-
New #15
OK Bree. I ran the EICAR test file, and Defender intercepted it immediately. Guess it's working as designed. It shows up as being quarantined, but still no option to Remove from quarantine. So your thought about the Trojan entries possibly being already removed seems to be shot down. Would also believe that when they are automatically removed, I would no longer see the entries, don't you think?
-
New #16
"My uneducated guess is that the tool does not look in the area where it is already quarantined."
That is true. The scans are looking for infections but the computer isn't infected. I've seen what you are seeing a some computers recently.
On the computers in which I have removed similar quarantines those computers were on 1709: it appears that shouldn't make a difference as mentioned in a prior post.
But in order for me to remove the quarantined items , I wasn't able to remove them all at once. I had to select each one individually, what I don't recall is whether I used the Severe arrow, the See details choice or just selected the Trojan itself. See what happens when you try to clear each one at a time.
-
New #17
Already tried that - No Remove button anyplace. BUT...
Just went back to try individually removing the Test file (Previously only tried it on the Trojans). Now the History page shows only the EICAR Test file; the 3 Trojans are gone... AND now I have a Remove All button!
Looks like the auto removal waits 3 days (June 5 when it was detected to today, June8). Guess that makes sense, but absolutely no idea why I didn't have a Remove button until now. Probably doesn't matter since all seems to be working fine now - I did click on the Remove All button, and the EICAR Test file was removed.
Thanks you ever so much for your attention and help on this!
-
New #18
I'll be able to confirm that in a couple of days, I've deliberately not removed my EICAR test file from quarantine
I've noticed that there's often a short delay between detection/blocking and the file appearing in quarantine.Just went back to try individually removing the Test file ... now I have a Remove All button!
-
-
New #19
Thanks ALN, very informative.
I'd like to share this information I had found
How to configure quarantine files removal on Windows Defender Antivirus
How to configure quarantine files removal on Windows Defender Antivirus | Windows Central
In my case on my computer (NOTE: I don't have a quarantined threats, I just wanted to find out what my configuration is) there wasn't any configuration for quarantine files removal on Windows Defender Antivirus and I left the it alone.
In my prior post about my experience of removing the quarantined items individually, they were done the same day as the attempted infection occurred. The owner in each situation saw that Windows Defender recommended a restart which they did and called me up. I was able to remove each one individually as I mentioned but if I get more experience as time goes on, this is an excellent thread to refer to.
-
New #20
Thanks MeAndMyComputer for the link. Very well written and easy to follow. My system is set at "Not configured." I elected not to change it at this time because there seems to be conflicting information that I hope somebody can clear up:
When I open Threat History, I see this
it clearly says Quarantined threats will be periodically removed. My Group Policy Editor shows "Not configured," and the explanation there (and in the site you referenced) says if not configured, the quarantined items will stay in the quarantined folder forever. So the Threat History says they will be periodically removed (and in my case, the 3 Trojans were removed, and not manually by me) but the Group Policy Editor says they will stay forever. I'm confused.
Quote
Related Discussions
