Windows Defender deleting files RRS feed

  • Question

  • I have all my passwords and other important data saved within a password protected (fsekrit)  *.exe file - which I have used for years as it offers a secure password to be used for a notepad file. Today I tried to open this *.exe data file and a message displayed "Virus & threat Protection. Threat found. Windows defender found threats". Then (with no confirmation of the potential virus threat by me) the system deleted the file. I didn't realize that the file had been deleted because of the type of file it is (as first time around I didn't read the message properly) -  so I stupidly loaded my backup of the file and that got deleted as well. So now I only have an old backup from a couple of months ago - so if I cannot recover the 'deleted' file, I have lost a lot of important key data - all recent passwords and account details etc.

    I ran a check to see if the file had been 'quarantined' ie ran 

    “%ProgramFiles%\Windows Defender\MpCmdRun.exe” –Restore –Name EUS:Win32/CustomEnterpriseBlock –All

      from the CMD prompt, but it returned a message:  'No quarantined items' - so it seems that the file may have been deleted not quarantined. Is it really possible that Microsoft would actually delete such files?.

    Can you advise how I recover the file, thanks (I will then move the data out of a '*.exe' file to avoid a repeat in future).
    Would really appeciate your help, thanks Peter

    Thursday, January 4, 2018 10:13 PM

All replies

  • This is the Windows Defender ATP forum (not to be confused with Windows Defender).

    I bet your question is better suited elsewhere :-)

    Anyway, have you had a look in: C:\ProgramData\Microsoft\Windows Defender\Quarantine

    And what about the Scan History in the Security Center. It will tell you what happened. (and this is where you usually would recover the quarantined item)

    Note that policies applied by your company (if this is a corporate computer) might dictate that files are deleted straight away.

    Martin Bengtsson | www.imab.dk

    Sunday, January 7, 2018 6:38 PM
  • I have the same problem. I'm not in an enterprise, just using W10 Pro. Defender keeps saying it quarantined a specific file, but gives no option to restore. Looking in the directory you mentioned doesn't help since everything there is coded somehow. I also tried the command line the OP did, with the same results: "No quarantined items." Defender should not be summarily deleting files.
    Tuesday, February 13, 2018 9:06 PM