Where to restore quarantined items in Windows 10 creator update?

So far I had no joy so I dug around. There is a command line futility that can solve the problem if you grit your teeth and hold your tongue sideways.

1. Open a CMD prompt as adminstrator.
2. Visit the "C:\Program Files\Windows Defender" folder.
3. "dir *.exe" should show "mpcmdrun.exe". He is your best friend of the moment.
4. "mpcmdrun -?" gives a list of commands. Near the bottom are the interesting parameters. "-restore" says you want to restore.

mpcmdrun -restore -listall

  This shows a list of quarantined items.

mpcmdrun -restore -all

  This restores ALL quarantined items. Be afraid. Be very afraid. But it can be useful.

mpcmdrun -restore -name "fu.bar"

  This will restore fu.bar to its rightful place in the universe.

Then figure out how to submit a false detection report to the Windows crew. (In my case I knew freaking well the file was clean and legitimate. I'd designed and built the file myself - a midi device driver DLL. The build detected was 4 years old already.)

I hope this rescues at least one person from Quarantine Hell.

{^_^}   Joanne

Nothing has changed. We still have erroneous status reports in the Full history page just like we did in the All detected items page in the classic Defender interface. If a threat doesn't appear in the Quarantined threats list on the Scan history page, then it wasn't actually quarantined.

So we need to correct the documentation here:

https://www.microsoft.com/en-us/wdsi/help/antimalware-faq

On Windows Defender Antivirus for Windows 10 version 1703 and later:

1. Use the Windows search box to find and open the Windows Defender Security Center
2. Navigate to the Virus & threat protection > Scan history.
3. Under Quarantined threats, select See full history

On earlier versions of Windows:

1. Open Microsoft Security Essentials or Windows Defender.
2. Click the History tab.
3. Select Quarantined items and then View details. You might be asked for an admin password or to confirm your choice.

Once you have reviewed the quarantined items you can:

• Select Remove all to delete all quarantined software.
• Select individual files, and then click Remove or Restore.
• Select Quarantined items and then View details. You might be asked for an admin password or to confirm your choice.

GreginMich

Hi,

As per the description of the issue, you would like to know how to restore files that has been quarantined by Windows Defender. For us to assist you, here's a simple guide on how to see where the quarantined files are located:

1. Open Windows Defender.
2. Go to History tab.
3. In the History tab, check for Quarantined items.
4. Place a check on the file that you want to restore, this should enable Allow item.
5. Press Allow item, this should bring the file back to the original location.

To check where the files are located, kindly follow the steps listed below:

1. Open Windows Defender.
2. Go to History tab.
3. In the History tab, check for Quarantined items.
4. Click on view details.
5. In the description, it will show you the file path where it is located.

Let us know if the resolution provided works.

With respect to that final image, note that Quarantine entries in the Main Page have the "Restore" and "Remove" options. Unfortunately, only the most recent entries are listed here. If there were a number of hits (I got hit with a dozen for the recent false positive on Trojan:Win32/Peals.F!cl), then they instead move to the history. If you click "See full history", then the entries there only have the "Remove" option. "Restore" is not available.

A quarantine where you can check in, but you can never leave.

Nothing has changed. We still have erroneous status reports in the Full history page just like we did in the All detected items page in the classic Defender interface. 

same thing happened to me when connecting my external hard drive. I was able to find a solution to this, in the Cortana search bar window search Defender you should see 2 things the,  Select where it says Windows Defender Antivirus it should take you to the old Defender and their you might be able to restore the quarantine files.