This page may contain some helpful information:
How to clear Windows Defender Protection History in Windows 10
Yeah I agree denis, they are disabled in quarantine. But I read some time back that a security flaw (AVGater) allowed the quarantined files to be restored, idk if it had been exploited but I'm thinking of removing them manually to be at ease :)
- - - Updated - - -
Cleared the protection history through Event Viewer, the weird part is not even the protection history is cleared. I did not have this issue before, is this a new bug because of Microsoft renaming Defender or did I miss something? :P. Defender is showing me only one file in quarantine even though I have 20+ when I checked through the command below, as you can see in the screenshot, the annoying part there is no option to remove even that single file (╮°-°)╮┳━━┳ ( ╯°□°)╯ ┻━━┻

Code:
mpcmdrun.exe -restore -listall
Just a quick thought, what happens if I delete the quarantine folder located at C:\ProgramData\Microsoft\Windows Defender\Quarantine. Will that delete the files that stayed in the quarantine for nearly 25 days, as trying to restore them & delete them failed? 🤔
FYI: Until Microsoft fixes Defender you can do this:
https://answers.microsoft.com/en-us/...d-c6059c8e0828
Note
Since the implementation of W10 V2004, Windows Defender has now been defaulted to identify PUPs as a threat. As a result, many are now made aware of their presence. And they are "remediated", on the spot, to prevent them from causing any mischief.
The problem occurs on the subsequent scans with Windows Defender. It identifies the same PUP again, and again. It has been determined that this is caused by the presence of the PUP in Protection History.
It appears that the default remediation that Windows Defender applies to PUPs is to Block them, then leave them in Protection History.
Note
Windows Defender is defaulted to scan its own "Scans/History", resulting in the discovery of the malware over and over again. Even though other scanners see no evidence of the malware on the PC. It doesn't exist!
So can I in 2004...
...the complication comes if you Restore rather than Remove. It not only restores the file, but adds an exclusion for that file in that particular folder. It will still be detected in any other folder, but now will be allowed to exist in the folder it was restored to.
Unfortunately this Exclusion isn't listed in Windows Security's list of exclusions. The only way I know to undo that exclusion is to turn off Tamper Protection...
...take ownership of the TemporaryPaths key and grant Administrators full access. Delete the registry value for the excluded folder/file. Set the owner back to SYSTEM. Turn 'Tamper protection' back on.
EDIT: while that worked in 1903 when I last tested this, so far I am unable to delete the exclusion in TemporaryPaths in 2004.
EDIT2: Whatever I try in Windows I am denied access to delete or modify the value in TemporaryPaths, despite taking ownership and granting full permissions. The only way I can delete that value is when Windows isn't running. To do that I booted to Advanced Startup and a Command Prompt. Then I ran Regedit and loaded the SOFTWARE hive of the (now offline) system on the hard drive. From here you can delete that value.
Last edited by Bree; 19 Sep 2020 at 14:06.
Yeah exactly my problem ;-;, I never had this issue of not being able to remove an item (I had this in the past but the file was not present in quarantine that time around & it disappeared after a Defender update, unlike this time where it existed for 26 days)
- - - Updated - - -
Thanks for the info callender, but my problem is/was not PUPs but to remove the files in quarantine ;~; (which is resolved now, idk why/how Defender got rid of them though lel, maybe Defender gets rid of them after 30 days :P)
- - - Updated - - -
Yeah, to get rid of this issue I'm switching to Kaspersky cloud security rather than excluding every item to avoid the same issue :D
- - - Updated - - -
You listed exactly all my problems @Bree :D, I read about the last part of booting into recovery mode to delete a registry value but haven't tried that since I waited for an alternate method, good to know that it works :). But unfortunately I cannot try the last part, my quarantine folder was cleaned yesterday automatically :P The oldest file in quarantine was a Speccy file on 18/08/2020, I guess from this that no matter what we do in the 2004 build, like changing the number of days the files will be quarantined, restoring to delete, etc., Windows gets rid of them after 30 days (as it got rid of them in mine on 19/09/2020).

Code:
Microsoft Windows [Version 10.0.19041.508]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0>mpcmdrun.exe -restore -listall
No quarantined items.

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0>
Thanks for everyone for the info :D.
(Would appreciate if anyone can tell me how to get rid of the files in quarantine (not the exclusion list, as Bree showed a working method :D) permanently when they cannot be removed from Defender or if they aren't showing up in Defender at all, for future reference :).)
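An added example, not code posted by anyone in this thread, that audits the same state from an elevated PowerShell prompt instead of the Windows Security UI: the engine's own quarantine list via MpCmdRun (from the Platform folder shown above), the Defender cmdlets' view of threats and detection history, the purge delay the last post guesses at, and the TemporaryPaths exclusions Bree describes. The exact registry path of TemporaryPaths is an assumption.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell prompt.
# Assumptions: the Defender PowerShell module is present (Get-/Set-MpPreference,
# Get-MpThreat, Get-MpThreatDetection, Remove-MpThreat) and the temporary
# exclusions a "Restore" creates live under the TemporaryPaths key named below.

$quarantineDir = 'C:\ProgramData\Microsoft\Windows Defender\Quarantine'
$platformRoot  = 'C:\ProgramData\Microsoft\Windows Defender\Platform'
$tempExclKey   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths'  # assumed path

# The newest Platform folder (e.g. 4.18.2008.9-0 in the thread) holds the current MpCmdRun.exe
$mpCmdRun = Get-ChildItem $platformRoot -Directory |
    Sort-Object { [version]($_.Name -replace '-.*$') } -Descending |
    Select-Object -First 1 | ForEach-Object { Join-Path $_.FullName 'MpCmdRun.exe' }

Write-Host '== Engine view of quarantine (MpCmdRun) =='
& $mpCmdRun -Restore -ListAll

Write-Host '== Files physically present in the quarantine store =='
Get-ChildItem $quarantineDir -Recurse -File -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

Write-Host '== Threats the cmdlets still track (IsActive = still unresolved) =='
Get-MpThreat | Select-Object ThreatID, ThreatName, IsActive, Resources | Format-Table -AutoSize

Write-Host '== Detection history entries (what keeps re-appearing in Protection History) =='
Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources | Format-Table -AutoSize

Write-Host '== Days after which Defender purges quarantined items on its own =='
(Get-MpPreference).QuarantinePurgeItemsAfterDelay

Write-Host "== Temporary exclusions created by 'Restore' (not shown in the Windows Security UI) =="
if (Test-Path $tempExclKey) {
    Get-ItemProperty $tempExclKey | Select-Object * -ExcludeProperty PS*
} else {
    'No TemporaryPaths values present.'
}

# Remediation is opt-in: pass -Clean to clear the tracked threats and shorten the
# purge delay so stale quarantine entries age out instead of lingering for weeks.
if ($args -contains '-Clean') {
    Remove-MpThreat
    Set-MpPreference -QuarantinePurgeItemsAfterDelay 7
    & $mpCmdRun -Restore -ListAll
}
```

With Tamper Protection on, the TemporaryPaths values can only be read here, which matches Bree's finding that deleting them needs the offline-hive method.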