Can I configure windows defender to never quarantine files

Page 2 of 3 FirstFirst 123 LastLast

  1. Posts : 12,413
    Win10 Version 21H2 Pro and Home, Win11 Pro
       #11

    This page may contain some helpful information:
    How to clear Windows Defender Protection History in Windows 10
      My Computers


  2. Posts : 36
    Windows 10 Pro, 20H2, 19042.867
       #12

    Thanks for the info @Berton :D, I thought deleting the protection history will only delete the logs but not the files in quarantine. Will delete the logs & check :).
      My Computer


  3. Posts : 11,320
    Windows 10 Home x64 Version 21H2 Build 19044.1706
       #13

    Technewbie said:
    I got some trojan's taking shelter in quarantine
    In the hope that it eases your workload, they are not "taking shelter" there. They are disabled. You do not have to do anything.

    Denis
      My Computer


  4. Posts : 36
    Windows 10 Pro, 20H2, 19042.867
       #14

    Try3 said:
    In the hope that it eases your workload, they are not "taking shelter" there. They are disabled. You do not have to do anything.
    Yeah I agree denis, they are disabled in quarantine. But I read sometime back that a security flaw(AVGator) allowed the quaratined files to be restored, idk if it had been exploited but I'm thinking of removing them manually to be at ease :)

    - - - Updated - - -

    Berton said:
    This page may contain some helpful information:
    How to clear Windows Defender Protection History in Windows 10
    Cleared the protection history through event viewer, the weird part is not even the protection history is cleared. I did not have this issue before, is this a new bug because of Microsoft renaming defender or did I miss something? :P. Defender is showing me only one file in quarantine even though I have 20+ when I checked through the
    Code:
    mpcmdrun.exe -restore -listall
    as you can see in the screenshot, the annoying part there is no option to remove even that single file (╮-)╮┳━━┳ ( ╯□)╯ ┻━━┻
    Attached Thumbnails Attached Thumbnails Can I configure windows defender to never quarantine files-weird.jpg   Can I configure windows defender to never quarantine files-cannot-remove-damn-itttt-.jpg   Can I configure windows defender to never quarantine files-screenshot-68-.png  
      My Computer


  5. Posts : 36
    Windows 10 Pro, 20H2, 19042.867
       #15

    Just a quick thought, what happens if i delete the quarantine folder located at C:\ProgramData\Microsoft\Windows Defender\Quarantine. Will that delete the files that stayed in the quarantine for nearly 25 days, as trying to restore them & delete them failed? 🤔
      My Computer


  6. Posts : 11,320
    Windows 10 Home x64 Version 21H2 Build 19044.1706
       #16

    Your WD behaves differently to mine. I can Remove an item in quarantine.

    Can I configure windows defender to never quarantine files-deleting-file-quarantine.png
    All the other entries you can see are also test files not real malware.


    I'm on
    Windows 10 Home x64 Version 1909 Build 18363.1082
    with WD
    4.18.2008.9-0
    [definitions 1.323.1492.0]

    Denis
    Last edited by Try3; 19 Sep 2020 at 13:37.
      My Computer


  7. Posts : 5,074
    21H1 64 Bit Home
       #17

    FYI: Until Microsoft fixes Defender you can do this:

    https://answers.microsoft.com/en-us/...d-c6059c8e0828

    Note   Note

    Since the implementation of W10 V2004, Windows Defender has now been defaulted to identify
    PUPS as a threat. As a result, many are now made aware of their presence. And they are "remediated",

    on the spot, to prevent them from causing any mischief.



    The problem occurs on the subsequent scans with Windows Defender. It identifies the same PUP again,

    and again. It has been determined that this is caused by the presence of the PUP in Protection History.

    It appears that the default remediation that Windows Defender applies to PUPs is to Block them,

    then leave them in Protection History .




    Note   Note

    Windows Defender is defaulted to scan its own "Scans/History". Resulting in the discovery of the malware over
    and over again. Even though, other scanners see no evidence of the malware on the PC. It doesn't exist!
      My Computer


  8. Posts : 13,930
    Windows 10 Pro X64 21H1 19043.1503
       #18

    Add an exception to not scan Defender directories perhaps?
      My Computers


  9. Posts : 24,515
    10 Home x64 (21H2) (10 Pro on 2nd pc)
       #19

    Try3 said:
    Your WD behaves differently to mine. I can Remove an item in quarantine.

    ....Windows 10 Home x64 Version 1909 Build 18363.1082
    So can I in 2004...

    Can I configure windows defender to never quarantine files-image.png

    ...the complication comes if you Restore rather than Remove. It not only restores the file, but adds an exclusion for that file in that particular folder. It will still be detected in any other folder, but now will be allowed to exist in the folder it was restored to.

    Can I configure windows defender to never quarantine files-image.png

    Unfortunately this Exclusion isn't listed in Windows Security's list of exclusions. The only way I know to undo that exclusion is to turn off Tamper Protection...

    Can I configure windows defender to never quarantine files-image.png

    ...take ownership of the TemporaryPaths key and grant Administrators full access. Delete the registry value for the excluded folder/file. Set the owner back to SYSTEM. Turn 'Tamper protection' back on.

    Can I configure windows defender to never quarantine files-image.png


    EDIT: while that worked in 1903 when I last tested this, so far I am unable to delete the exclusion in TemporaryPaths in 2004.


    EDIT2: Whatever I try in Windows I am denied access to delete or modify the value in TemporaryPaths, despite taking ownership and granting full permissions. The only way I can delete that value is when Windows isn't running. To do that I booted to Advanced Startup and a Command Prompt. Then I ran Regedit and loaded the SOFTWARE hive of the (now offline) system on the hard drive. From here you can delete that value.
    Last edited by Bree; 19 Sep 2020 at 14:06.
      My Computers


  10. Posts : 36
    Windows 10 Pro, 20H2, 19042.867
       #20

    Try3 said:
    Your WD behaves differently to mine. I can Remove an item in quarantine.
    Yeah exactly my problem ;-;, I never had this issue of not being able to remove an item(I had this in the past but the file is not present in quarantine that time around & it disappeared after defender update, unlike this time which existed for 26 days)

    - - - Updated - - -

    Callender said:
    Note   Note

    Windows Defender is defaulted to scan its own "Scans/History". Resulting in the discovery of the malware over
    and over again. Even though, other scanners see no evidence of the malware on the PC. It doesn't exist!
    Thanks for the info callender, but my problem is/was not PUP's but to remove the files in quarantine ;~;(which is resolved now idk why/how defender got rid of them though lel, maybe defender get's rid of them after 30days :P)

    - - - Updated - - -

    Ztruker said:
    Add an exception to not scan Defender directories perhaps?
    Yeah, to get rid of this issue I'm switching to Kaspersky cloud security rather than excluding every item to avoid the same issue :D

    - - - Updated - - -

    Bree said:
    ...the complication comes if you Restore rather than Remove. It not only restores the file, but adds an exclusion for that file in that particular folder. It will still be detected in any other folder, but now will be allowed to exist in the folder it was restored to.

    Unfortunately this Exclusion isn't listed in Windows Security's list of exclusions. The only way I know to undo that exclusion is to turn off Tamper Protection...

    ...take ownership of the TemporaryPaths key and grant Administrators full access. Delete the registry value for the excluded folder/file. Set the owner back to SYSTEM. Turn 'Tamper protection' back on.

    EDIT: while that worked in 1903 when I last tested this, so far I am unable to delete the exclusion in TemporaryPaths in 2004.

    EDIT2: Whatever I try in Windows I am denied access to delete or modify the value in TemporaryPaths, despite taking ownership and granting full permissions. The only way I can delete that value is when Windows isn't running. To do that I booted to Advanced Startup and a Command Prompt. Then I ran Regedit and loaded the SOFTWARE hive of the (now offline) system on the hard drive. From here you can delete that value.
    You listed exactly all my problems @Bree :D, I read about the last part of booting into recovery mode to delete a registry but haven't tried that since I waited for a alternate method, good to know that it works :). But unfortunately I cannot try the last part, my quarantine folder was cleaned yesterday automatically :P
    Code:
    Microsoft Windows [Version 10.0.19041.508]
    (c) 2020 Microsoft Corporation. All rights reserved.
    
    C:\WINDOWS\system32>cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0
    
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0>mpcmdrun.exe -restore -listall
    No quarantined items.
    
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0>
    The oldest file in quarantine was a speccy file on 18/08/2020, I guess from this that no matter what we do in 2004 build like changing the number of days the files will be quarantined, restoring to delete,....etc windows gets rid of them after 30 days(as it god rid of them in mine on 19/09/2020).

    Thanks for everyone for the info :D.

    (Would appreciate if anyone can tell me how to get rid of the files in quarantine(not the exclusion list, as bree showed a working method :D) permanently when it cannot be removed from defender or if it isn't showing up in defender at all, for future reference :).)
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:27.
Find Us




Windows 10 Forums