How to recover files deleted by Windows Defender?

Many PC users have experienced data loss due to Windows Defender deleting important files due to false positive threat detection or because of a document containing malware. How can you restore files deleted by Windows Defender, and how can you reduce the number of future incidents?

How to recover files

Before we begin, it is important to find out why a particular file or document was picked by Windows Defender. Malicious documents or infected executable files may affect the operating system or programs. Such files are subject to quarantine or complete erasure.

Without this protection, our computers would not be safe to use; their performance would degrade, and sooner or later you would experience severe loss of data.

In order to protect computer users and to maintain the PC health and performance, the antivirus always seeks to prevent possible threats and eliminate them long before they inflict the first damage. Sometimes these preventive actions lead to the loss of files the user would not want to lose. Some other times antivirus tools have false positive detections (for example, due to digital signature mismatch, revocation or expiration), and sometimes the particular file is mistakenly reported to the manufacturer of an antivirus tool for no obvious reason.

Can we restore such files while bypassing the Windows Defender system? We definitely can!

In this article, we will take a closer look at what Windows Defender is, how to enable or disable it, and its main functions. We’ll also answer the burning question: do you actually need a third-party antivirus tool if Windows has a built-in antivirus already?

What is Windows Defender Offline?

Windows Defender is more than just a virus scanner. Instead, Windows Defender is a built-in protection system for the entire operating system. It is designed to detect, prevent and eliminate malicious software, spyware and other malware that can damage your data or your computer. Windows Defender is provided by Microsoft as a built-in tool in Windows 8, Windows 10 and newer versions.

If you are using an older version of Windows, you can always download Microsoft Security Essential, which is backwards compatible with Windows Vista and Windows 7.

What is the difference between them? Both tools are able to provide the same effective kind of protection for your operating system, so one may think that only the names are different.

Windows Defender has substantial benefits over Microsoft Security Essential because of its tight low-level integration with the OS. In fact, the operating system gets a lot of protection from rootkits and bootkits when using the latest versions of the Defender.

There are different types of viruses that can sneak and hide in our devices and completely disable built-in antivirus software.

Windows Defender Offline is designed to help solve this complex situation by working from the outside. With Windows Defender Offline, you can boot your computer straight into the antivirus, scan your computer and delete the virus while it is not running.

Here’s how to activate Windows Defender Offline.

  • 1.Press Start > Settings > Update & Security > Windows Security > Virus & threat protection.
  • 2.Click Run a new advanced scan.
  • 3.In Advanced scans, select Windows Defender Offline scan and click Scan now. Your computer will be rebooted straight into Windows Defender. The tool will then scan your computer for about 15 minutes, then restart the system to get you back to Windows.

How to enable or disable Windows Defender?

You probably never asked this question before. The antivirus works, and there’s nothing to worry about. But what if it shuts down for some reason and needs to be turned back on?
Even in spite of the fact that Microsoft hid the on/off function deep enough in the depths of the system setting, it can still be found. Let’s see how to find it:

1. Use the Win + I key combination to open the Settings menu.

2. Go to Update and Security.

Windows Settings menu

3. Select the Windows Security item.

4. Select the Open Windows Defender Security Center option.

Windows security menu

5. Find the gear icon in an opened window. It will allow you to go to the Settings section of the built-in antivirus.

Windows Defender settings can be found in a sidebar menu
Helpful tip
You can always set notification mode to receive notifications in that window.

6. Open the Virus and Threat Protection Settings.

Windows Defender Security Center

7. We have reached the point. In this menu, you can enable or disable any of the three Windows Defender settings:

  • Real-time protection;
  • Cloud-delivered protection;
  • Automatic sample submission;

Windows Defender Quarantine

Before deleting any suspicious file, Windows Defender always places it in quarantine, briefly describing the nature of the possible threat and the potential threat level that threat may pose. In this chapter, we will find the exact location of the “suspects”.

By default, the Windows Defender virus storage is located under the following path: C:\ProgramData\Microsoft\Windows Defender\Quarantine. However, we recommend you to interact with them only through antivirus software as it is much more reliable.

Location of the Quarantine folder
Note:
The ProgramData folder is hidden by default. If you want to see it, you must first enable the display of hidden folders and files in the Explorer settings.

How to open Quarantine with Windows Defender?

It’s simple! Follow the steps below and you will quickly solve it.

1. Use the Win + I key combination to open the Settings menu.

2. Go to Update and Security.

Windows Settings menu

3. Select the Windows Security item.

4. Select the Open Windows Defender Security Center option.

Windows Defender Security Center in Windows Security

5. Open the Virus and Threat Protection window.

Virus and threat protection menu

6. Open the Threat Log. You can also scan your device in this section.

7. Here you can see the complete list of available and eliminated threats that Windows Defender placed in quarantine. Quarantined items are absolutely harmless while they’re held in quarantine.

8. Press the Show Details to examine quarantined files.

9. In the same quarantine menu, you can delete a specific file or all detected viruses at any time by clicking the Delete button next to the desired file, or using the Delete all command to erase all files.

Windows Defender Exclusions

In certain cases, an antivirus can block even completely safe files that interact with the system and other applications in one way or another. For one or another reason, the antivirus may consider them to pose a threat. This situation is called a false positive detection. Files that are falsely detected as threats will also be quarantined. However, such files are often parts of an installed program. Placing such files into quarantine prevents the correct functionality of affected applications.

If you are absolutely sure a particular file poses no threat, you can manually fix false positive detection by adding the locked file to the list of exclusions.

Let’s look at detailed instructions on how to do this.

1. As described in the previous chapter, open the Windows Defender window.

2. Go to Virus and Threat Protection.

Virus and threat protection menu

3. Open the Virus and Threat Protection Settings.

Windows Defender Security Center settings

Scroll to the bottom of the window and find the Exclusions option. Click Add or remove exclusions.

Exclusions in Windows Defender settings

5. Click Add exclusion and select the type.

6. Specify the path to the file, folder, file type or process that you want to add as exclusion.

If you have several programs that are falsely detected by Windows Defender, you can place all of them into a separate folder. This will ensure that these files are excluded from future detections.

Important:
We highly recommend you to never upload files obtained from untrusted sources to the Exclusion folder. Nobody wants to give a virus control over your computer. Such a careless action can lead to rather unpleasant consequences.

Windows Defender deleted an important file. What to do?

Starus Partition Recovery

It is common for a user to simply not know how to recover a deleted file. Windows Defender blocks all attempts to recover files it deletes. Truth be told, this can sometimes save your operating system from hacking and prevent identity theft.

However, even good intentions are not always beneficial, and you may still want that deleted file back.

If you want to recover files removed by Windows Defender, you can perform low-level analysis of the disk on which the file is located with Starus Partition Recovery tool. After the scan is complete, perform the recovery to an external drive such as a USB flash drive. This will help you bypass the block imposed by Windows Defender and recover the files that were recently lost.

Top of the line product to repair broken partitions and recover missing information

Starus Partition Recovery has an intuitive user interface and offers convenient grouping by file type. You’ll be able to find the right file in a matter of seconds.

Do I need a third-party antivirus in Windows 10?

If Windows Defender is really this good, why are there so many third-party options? Are third-party antivirus tools made by companies specializing in computer security better than the built-in Microsoft antivirus? This is a very reasonable question. The answer depends on who you are and what you need.

Windows Defender is a robust built-in antivirus tool that is distributed by Microsoft for free with the OS itself. Windows Defender is well maintained and frequently updated. If you are using your computer at home, Windows Defender is probably all you need. If, however, you are working in a sensitive environment or dealing with sensitive data, or if you are managing a large network, or if the computer is part of a campus network or a publicly accessible one, then you may need a different solution with stronger protection and tighter restrictions.

Do note that updates are very important. New threats appear almost every other day. New threats cannot be detected or stopped by outdated versions of antivirus tools. If you do not receive timely updates, you will be in a worse situation than by not using an antivirus at all due to the sense of false security.

Skip to the video
Recover Deleted Files and Repair Corrupted Partitions

Recover Deleted Files and Repair Corrupted Partitions

We hope you found this article useful and helped you recover deleted files with Windows Defender.

  • Evaluations:
  • 3
  • /
  • Rating:
Ruslan Yermolov

Ruslan Yermolov

Data recovery expert - providing practical advice on how to use simple tools to solve complex data recovery and data protection problems on today's storage devices. Education - Manager Economist, and since 2010 the creator of Starus Recovery, developer of the eponymous website, which provides users with a wide range of software for digital information recovery.

Author's page

FAQ

Read Our Frequent Questions

They need to be restored from the Windows Defender Quarantine and added to exclusions. If there are no files in the quarantine, they need to be restored with special programs.

In Windows 10 and 11, you need to go to the Windows Security application, in the "Virus and Threat Protection" section. Click "Threat Log". View blocked threats. Open the desired file and set "Restore" (or "Allow") in the action menu for it. As shown in the article.

In Windows 10 and 11, you need to go to the Windows Security application, in the "Virus and Threat Protection" section. Click "Virus and Threat Protection Settings". In the "Exclusions" block, add exclusion files. As shown in the article.

If Windows Defender has deleted a file, it can be restored with special programs like Starus Partition Recovery.

Comments (3)

  • Starus Recovery
    Starus Recovery 3.10.2018 07:44

    If you want to add something on that topic or want to share your experience in managing Windows Defender, please leave a comment !

  • Flavio A.
    Flavio A. 4.01.2021 09:01

    Windows defender has taken hostage of an .exe that I wrote and won't give it back even when I press restore from quarantine. Even this recovery software won't work.. Any advice on how to recover it?

  • Rob Barratt
    Rob Barratt 27.01.2022 09:45

    I have accidentally deleted my quarantine folder. It's just not there. I'm concerned because sometimes important emails go in there by mistake. I would like to know how to restore it, please. Yours, Rob Barratt

Post Comment
User
Leave a reply
Your email address will not be published. Required fields are marked *

Similar articles

Similar articles about data recovery