This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
"C:\ProgramData\Microsoft\Windows Defender\Quarantine"
The above folder is inaccessible.
I've run MpCmdRun.exe -Restore -ListAll and there are item in there.
How do you delete these?
Thanks
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 72%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Thank you.
>>1. Is this stuff kept, or is it just a reference?
If you have cleared items, it must be a reference.
>>2. If the latter, where is this reference kept?
Possibly in some database or Registry - I will need to check those resources.
>>3. The Windows Defender folder shows 615Mb - surely this isn't just the program, it's storing something.
Same. I think that is the Windows Defender Data.
Hope that helps, and rely on us for any further inquiries. All the best.
Ok thanks for that.
So, if you run in a command propmpt:
C:\Program Files\Windows Defender>MpCmdRun.exe -Restore -ListAll
It states:
The following items are quarantined:
ThreatName = Trojan:Script/Wacatac.B!ml
AND it lists, for me , around15 thread names... one after the other.
So I suppose the questions are:
Cheers.
Hi DiggerDavey,
I'm Sumit, here to answer your query at the Microsoft Community.
Apologies for any inconvenience you are experiencing. We are happy to help you.
Yes. You can't access that folder. This is by design. You won't want certainly that the virus should spread, hence the folder is protected.
Do these steps not help remove quarantined items?
Press the Windows key and type Windows Security.
Click on the Windows Security app from the search results.
In the Windows Security window, click on Virus & threat protection.
Under the Current Threats section, click on Protection History.
In the Protection history window, use the Filters drop-down menu to select Quarantined items.
Click on the quarantined item you want to remove.
A window will pop up; click Yes to confirm.
Click on the Action button and select Remove.
You can also use Remove-MpThreat CMDLET to remove the quarantined threats in Powershell.
Hope that helps, and rely on us for any further inquiries. All the best.
