deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Added info about reboot required, plus new topic for restoring quarantined files.

Browse Source
This commit is contained in:
Andrea Bichsel (Aquent LLC) 2018-04-23 14:34:26 -07:00
parent ccf08e5ac7
commit 005bcd9283
3 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/TOC.md
View File

@ -242,6 +242,7 @@
#### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
#### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
#### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
#### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)

7
windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
View File

@ -65,6 +65,13 @@ Quarantine | Configure removal of items from Quarantine folder | Specify how man
Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Windows Defender AV is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable
Threats | Specify threats upon which default action should not be taken when detected | Specify how specific threats (using their threat ID) should be remediated. You can specify whether the specific threat should be quarantined, removed, or ignored | Not applicable
>[!IMPORTANT]
>Windows Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additonal remediation steps have been completed.
></p>
>If you are certain Windows Defender AV quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Windows Defender AV](restore-quarantined-files-windows-defender-antivirus.md).
></p>
>To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md).
Also see the [Configure remediation-required scheduled full scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md#remed) topic for more remediation-related settings.

47
windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md Normal file
View File

@ -0,0 +1,47 @@
---
title: Restore quarantined files in Windows Defender AV
description: You can restore files and folders that were quarantined by Windows Defender AV.
keywords:
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 04/23/2018
---
# Restore quarantined files in Windows Defender AV
**Applies to:**
- Windows 10
- Windows Server 2016
**Audience**
- Enterprise security administrators
**Manageability available with**
- Windows Defender Security Center
If Windows Defender Antivirus is configured to detect and remediate threats on your device, Windows Defender AV quarantines suspicious files. If you are certain these files do not present a threat, you can restore them.
1. Open **Windows Defender Security Center**.
2. Click **Virus & threat protection** and then click **Scan history**.
3. Under **Quarantined threats**, click **See full history**.
4. Click **Restore** for any items you want to keep. (If you prefer to remove them, you can click **Remove**.)
## Related topics
[Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)
[Review scan results](review-scan-results-windows-defender-antivirus.md)
[Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
[Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
[Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md)