Possible to batch view/restore/delete quarantined files from Windows Defender?

windows-10 windows-defender

tl;dr: Is there a way to batch-view + restore items that have been quarantined by Windows (10) Defender?

In Windows 10, to restore a quarantined file from Windows Defender -- which silently whisks files away into quarantine, willy-nilly, with no indication or heads-up about it -- requires an absurd number of clicks:

  1. Click Start button
  2. Type Virus (Protection) and click/enter
  3. Click "Threat history"
  4. Click (the wholly unnecessary) drop-down arrow on an individual threat (...look at all the open unused space to the right -- display the "extra" info and shift the buttons over there, no drop-down necessary!)
  5. Click "See details"
  6. Click "Yes" to UAC prompt
  7. Now finally able see the filename this threat pertains to (...why isn't the filename the default piece of information shown?! And that's assuming only one piece of info can be shown upfront per entry, which is nonsensical)
  8. Click "OK" on the popup modal
  9. Click "Restore" button
  10. Click "Yes" to UAC prompt (again)

...one quarantined file down. High-fii-ive!

I was hoping that NirSoft, i.e. the hero that Gotham needs, may have come to the rescue with a utility that could connect into the Windows Defender backend to display all threat + quarantine information for everything all at once, in tabular format, and, if possible, the spectacular ability to batch-select items and restore (or delete) them all at once, vs. the savage click-fest necessitated via Windows 10's "Control-Settings-Control-Panel" ...and for every individual item. But unfortunately, to no avail (bless his freedom-fighting heart nonetheless, however).

It goes without saying, but this is just one drop in an oceanic-sized bucket of my Windows 10 design gripes. Help us Obi-Win7-Kenobi. You're our only hope.


Solution 1:

Fairly easy to do with from the CMD prompt or with a batch script. To list the files in quarantine by script:

  • Right-click the desktop and create New>Notepad document (or text file).
  • Right-click the file and Edit.
  • Enter the following:

cd %ProgramFiles%\Windows Defender

MpCmdRun.exe -Restore -ListAll

pause

  • Save the changes and run the batch file as Administrator.

To list the files in quarantine from CMD as Administrator:

  • Press Windows, type cmd, and press CtrlShiftEnter
  • Press AltY to confirm it in the UAC dialog.
  • Enter

    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -ListAll

To restore specific files:

  • Looking at the list of quarantined items, select by name what should be restored by entering the following:

    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -Name "filename"

  • Or, to restore all files,

    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Restore -All

For more information on MpCmdRun, enter MpCmdRun.exe /? in a CMD prompt, or see the description from MS.

Related

Is there a S.M.A.R.T. for Flash Drives?
MP3 Slice Repetitive Lines
How can a partial image backup or restore be performed?
Wireless G/Wireless N/and ATA/wired ethernet
Unable to SSH to my virtual machine via Windows Power Shell ISE
Qt doesn't show
How to troubleshoot CPU HW crash in Ubuntu 18.04
Accidentally added architecture 1386 instead of i386
Hide Specific Running Applications from Dock (Side Bar) on Ubuntu 18.04
How to hide running app icon from gnome panel QML PyQt5
Hiding Running applications from dock
Ubuntu crashed now Windows 10 doesn't boot