diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index f91ae2f8f5..1a276c4a0a 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -267,6 +267,7 @@
 #### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
 #### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
 #### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+#### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
 
 
 ### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
index 27f2b3e2e4..8fbf0984c3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@@ -65,6 +65,13 @@ Quarantine | Configure removal of items from Quarantine folder | Specify how man
 Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Windows Defender AV is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable
 Threats | Specify threats upon which default action should not be taken when detected | Specify how specific threats (using their threat ID) should be remediated. You can specify whether the specific threat should be quarantined, removed, or ignored | Not applicable
 
+>[!IMPORTANT]
+>Windows Defender Antivirus detects and remediates files based on many factors.  Sometimes, completing a remediation requires a reboot.  Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed.
+></p>
+>If you are certain Windows Defender AV quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Windows Defender AV](restore-quarantined-files-windows-defender-antivirus.md).
+></p>
+>To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md).
+
 
 Also see the [Configure remediation-required scheduled full scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md#remed) topic for more remediation-related settings.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
new file mode 100644
index 0000000000..db4d6528c0
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
@@ -0,0 +1,47 @@
+---
+title: Restore quarantined files in Windows Defender AV
+description: You can restore files and folders that were quarantined by Windows Defender AV.
+keywords: 
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/23/2018
+---
+
+# Restore quarantined files in Windows Defender AV
+
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016
+
+**Audience**
+
+- Enterprise security administrators
+
+**Manageability available with**
+
+- Windows Defender Security Center
+
+If Windows Defender Antivirus is configured to detect and remediate threats on your device, Windows Defender AV quarantines suspicious files. If you are certain these files do not present a threat, you can restore them.
+
+1. Open **Windows Defender Security Center**.
+2. Click **Virus & threat protection** and then click **Scan history**.
+3. Under **Quarantined threats**, click **See full history**.
+4. Click **Restore** for any items you want to keep. (If you prefer to remove them, you can click **Remove**.)
+
+## Related topics
+
+- [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)
+- [Review scan results](review-scan-results-windows-defender-antivirus.md)
+- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
+- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md)
+