Windows Defender is the antivirus included by default in both Windows 10 and Windows 11. Over time, thanks to its good results, it has become an excellent alternative to commercial antiviruses. It has many functions and features, such as on-demand scans and, as we are going to explain, a quarantine where files are kept before they are deleted from the computer.
When Windows Defender detects a virus on our computer, it automatically moves it to quarantine so that the system is protected. Once it is there, it is up to us to check what kind of malware it was and where it was hidden. If it turns out to be a false positive, we can restore the file from quarantine and continue using it.
What is the Quarantine function in an antivirus
When Windows Defender or any other antivirus puts an object in quarantine, it is similar to quarantining a person who has caught a virus: the aim is to prevent it from spreading in case it is dangerous.
When we run a scan and the antivirus finds a file suspected of containing malicious elements, it offers us the possibility of quarantining it. The file is then placed in a separate, identified list so that it does not put the stability of the system at risk.
Antiviruses are not programmed to assume that every file that looks like a virus and acts like a virus really is a virus. For that reason they do not automatically and indiscriminately remove all potentially malicious files, but they can prevent a file from running on our system until we decide otherwise.
Thanks to this quarantine, our computer will be safe. We will also have a deactivated backup of the file in question, so that if it is a false positive we can recover it, which would not be possible if it had been completely deleted.
View, delete and recover quarantined files
To see the threats neutralized by the antivirus, we first open the main Windows Defender window. To do this, we type Windows Security in the search box of the Start menu and select it.
Once in its interface, we go to the “Virus and Threat Protection” section. In the new window that appears, we can see a summary with the status of our antivirus, the protection history, the files analyzed, etc. If the antivirus has detected a potentially unwanted application or file, it will appear here. If we click on the Actions section we can choose between “Quarantine”, “Remove” or “Allow on device”.
Now, when we click on the “Protection history” option, we can see in detail the results of the latest security scans carried out on our computer. Here there is a section called “Filters”; clicking on it displays a menu where we can choose to show only the “Items in Quarantine”, which, as the name suggests, is where these threats are kept instead of being removed.
If we click on one of these threats we can see more information about it. If we click on the “Remove” button, the threat is removed from our computer completely. If it is a false positive, we choose the “Restore” option instead, which moves the file back to its original path so that we can continue using it.
If we need more details about the threat in question, we can open its details, which show the severity, the original path of the threat, information about it and a link called “More information” that takes us to a Microsoft page about that threat.
If we are not sure whether it is a virus or a false positive, we can get a second opinion by uploading it to VirusTotal, which shows how many antivirus engines consider it dangerous and whether it is a harmless application or really a threat.
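The same protection history can be read from PowerShell with Defender's own cmdlets, which is useful when triaging several machines. This is an added example, not part of the original article; the function name Get-QuarantinedDetection is hypothetical, and the status code 3 for quarantined items is taken from Microsoft's MSFT_MpThreatDetection documentation.

```powershell
# Added example, not from the original article.
# Lists detections that Defender reports as quarantined, newest first.
function Get-QuarantinedDetection {
    # Index known threats by ID so each detection can be given a name.
    $threats = @{}
    foreach ($t in Get-MpThreat) {
        $threats[[string]$t.ThreatID] = $t
    }

    Get-MpThreatDetection |
        Where-Object { $_.ThreatStatusID -eq 3 } |   # 3 = Quarantined
        Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            $t = $threats[[string]$_.ThreatID]
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                ThreatName = if ($t) { $t.ThreatName } else { "ID $($_.ThreatID)" }
                SeverityID = if ($t) { $t.SeverityID } else { $null }
                # Resources holds the original file path(s) of the detection.
                Resources  = $_.Resources -join '; '
                User       = $_.DomainUser
            }
        }
}

Get-QuarantinedDetection | Format-List

# Defender's command-line tool prints what is currently held in quarantine.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll
```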
Set up quarantine in Windows Defender
Windows lets us configure the antivirus so that it automatically deletes quarantined items after a certain number of days.
Using the Group Policy Editor
If we are using Windows 10 in its Pro or Enterprise version, or Windows 11, we can use the Local Group Policy Editor to configure the removal of threats from the Quarantine folder after a certain period.
The first thing is to use the key combination “Windows + R” to open the Run command. Here we type gpedit.msc and click OK or press Enter. Once here we navigate to the path:
Computer Configuration / Administrative Templates / Windows Components / Microsoft Defender Antivirus / Quarantine
Here, in the right panel, we double-click on “Configure removal of items from Quarantine folder”. In the new window we click on “Enabled”, and in the “Options” section we select the number of days that we want to keep the infected items in quarantine, after which Windows Defender will delete them. Finally, we click on Apply and OK to save the changes.
At any time we can reverse the situation by going back to the previous steps and selecting “Not configured”.
It is also possible to change the Windows Defender Quarantine settings by editing the Windows Registry.
To do this, we open the Run command by pressing the Windows + R key combination. Here we type regedit and click OK or press Enter. Once in the Registry we navigate to the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
Once here, we right-click on the Windows Defender folder and select “New” and “Key”. We name it Quarantine and press Enter.
Now we right-click on the Quarantine folder, select New and click DWORD (32-bit) Value. We name it PurgeItemsAfterDelay and press Enter. We double-click on it and in the Value data field we specify the number of days that the antivirus should keep the items in quarantine before deleting them. We click OK to save the changes.
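The registry steps above can be scripted from an elevated PowerShell session, which also makes the change easy to verify and to undo. This is an added example, not part of the original article; the three function names and the 1 to 3650 day bound are this script's own choices, while the key path and value name are the ones given above.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine'
$ValueName = 'PurgeItemsAfterDelay'

function Set-QuarantineRetention {
    param(
        # 1..3650 is this script's own sanity bound, not a Defender limit.
        [Parameter(Mandatory)][ValidateRange(1, 3650)][int]$Days
    )
    # Create the Quarantine key only if it is missing.
    if (-not (Test-Path -LiteralPath $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # -Force creates the DWORD or overwrites an existing one.
    New-ItemProperty -LiteralPath $PolicyKey -Name $ValueName `
        -PropertyType DWord -Value $Days -Force | Out-Null
}

function Clear-QuarantineRetention {
    # Removing the value leaves the setting unconfigured again.
    if (Test-Path -LiteralPath $PolicyKey) {
        Remove-ItemProperty -LiteralPath $PolicyKey -Name $ValueName `
            -ErrorAction SilentlyContinue
    }
}

function Get-QuarantineRetention {
    $policy = $null
    if (Test-Path -LiteralPath $PolicyKey) {
        $policy = (Get-ItemProperty -LiteralPath $PolicyKey `
            -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    }
    [pscustomobject]@{
        PolicyValueDays    = $policy   # $null means the value is not set
        ReportedByDefender = (Get-MpPreference).QuarantinePurgeItemsAfterDelay
    }
}

Set-QuarantineRetention -Days 30
Get-QuarantineRetention | Format-List
```

Calling Clear-QuarantineRetention afterwards removes the value again; Get-QuarantineRetention shows the registry value next to what Get-MpPreference reports so the two can be compared.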