Windows-itpro-docs: PowerShell
Who would you do it from PowerShell or Cmdline?
Dokumentdetails
⚠ Bearbeiten Sie diesen Abschnitt nicht. Er ist für die Verknüpfung von docs.microsoft.com zum GitHub-Artikel erforderlich.
- ID: de416fda-04fb-6780-6675-020fdc2426ba
- Version Independent ID: ede7f3c1-ba3a-e331-80d8-c992b3d7f9a4
- Content: Wiederherstellen von unter Quarantäne gestellten Dateien im Windows Defender AV
- Content Source: windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
- Product: w10
- GitHub Login: @andreabichsel
- Microsoft Alias: v-anbic
vrdse
All 10 comments
Oh, you mean "How to Restore quarantined files in Windows Defender AV" by using PowerShell or command line (cmd).
I don't have a preference yet, but I would start by searching for what other people have done and what other pages recommend:: https://www.bing.com/search?q=Restore+quarantined+files+in+Windows+Defender+AV+from+command+line+or+PowerShell&qs=n&form=QBLH&sp=-1&pq=restore+quarantined+files+in+windows+defender+av+from+command+line+or+powershell&sc=0-80&sk=&cvid=B2A074B5558F495D85E5E95B7F3F7657
illfated
on 15 Mar 2019
Yeah right, I know how to restore quarantine files, I just felt like this should be part of the documentation. ;)
vrdse
on 15 Mar 2019
If you or anyone else have got a good idea of the material needed to expand this documentation page, we could open a Pull Request to ask for it to be added. 💻 📂 📝
illfated
on 15 Mar 2019
Open CMD and Goto below file path
cd C:\Program Files\Windows Defender
mpcmdrun -Restore -ListAll //shows all signature name and malware in quarantine
mpcmdrun -Restore -ListAll -Name HackTool:Win32/Keygen -All -Path E:\test //put the relavant signature name and export location
jai6684
on 28 Mar 2019
@officedocsbot assign @e0i
e0i
on 9 May 2019
@vrdse @illfated @jai6684
Thank you all for your feedbacks productive discussion.
The issue is being routed to Windows PowerShell writing team for investigation. You'll be notified with relevant updates as content gets updated.
Kind regads.
e0i
on 9 May 2019
Restore to a different location:
mpcmdrun -Restore -All -path %appdata%
See example below
C:\Program Files\Windows Defender>mpcmdrun -Restore -All -path %appdata%
Restoring the following quarantined items to C:\Users\Admin\AppData\Roaming:
ThreatName = HackTool:Win32/Keygen
file:\FileSHARE\Laptop backup\Downloads\keygen.exe quarantined at ?5/?21/?2019 11:17:18 PM (UTC) was restored
C:\Program Files\Windows Defender>
Go and open folder %Appdata% and retrieve from roaming in this example. ou could reall set any location, but I suggest sending to a folder you prefer within your profile.
StereoOxide
on 22 May 2019
Slightly modified, in terms of text formatting (using MarkDown to add code block fences):
Restore to a different location:
mpcmdrun -Restore -All -path %AppData%
See example below
C:\Program Files\Windows Defender>mpcmdrun -Restore -All -path %appdata%
Restoring the following quarantined items to C:\Users\Admin\AppData\Roaming:
ThreatName = HackTool:Win32/Keygen
file:\FileSHARE\Laptop backup\Downloads\keygen.exe quarantined at ?5/?21/?2019 11:17:18 PM (UTC) was restored
C:\Program Files\Windows Defender>
Go and open folder %AppData% and retrieve from roaming in this example.
You could really set any location, but I suggest sending to a folder you prefer within your profile.
illfated
on 22 May 2019
@vrdse
Upon your feedback, We have updated the content with relevant changes accordingly. Thanks.
e0i
on 13 Aug 2019
@officedocsbot close
e0i
on 13 Aug 2019
Related issues
RAJU2529
·
3Comments
ang216
·
3Comments
ruffy91
·
3Comments
zjalexander
·
3Comments
sundhaug92
·
3Comments
Most helpful comment
Yeah right, I know how to restore quarantine files, I just felt like this should be part of the documentation. ;)