Many PC users have experienced data loss due to Windows Defender deleting important files due to false positive threat detection or because of a document containing malware. How can you restore files deleted by Windows Defender, and how can you reduce the number of future incidents?
Before we begin, it is important to find out why a particular file or document was picked by Windows Defender. Malicious documents or infected executable files may affect the operating system or programs. Such files are subject to quarantine or complete erasure.
Without this protection, our computers would not be safe to use; their performance would degrade, and sooner or later you would experience severe loss of data.
In order to protect computer users and to maintain the PC health and performance, the antivirus always seeks to prevent possible threats and eliminate them long before they inflict the first damage. Sometimes these preventive actions lead to the loss of files the user would not want to lose. Some other times antivirus tools have false positive detections (for example, due to digital signature mismatch, revocation or expiration), and sometimes the particular file is mistakenly reported to the manufacturer of an antivirus tool for no obvious reason.
Can we restore such files while bypassing the Windows Defender system? We definitely can!
In this article, we will take a closer look at what Windows Defender is, how to enable or disable it, and its main functions. We’ll also answer the burning question: do you actually need a third-party antivirus tool if Windows has a built-in antivirus already?
- What is Windows Defender Offline?
- How to enable or disable Windows Defender?
- Windows Defender Quarantine
- How to open Quarantine with Windows Defender?
- Windows Defender Exclusions
- Windows Defender deleted an important file. What to do?
- Do I need a third-party antivirus in Windows 10?
- Questions and answers
- Comments
What is Windows Defender Offline?
Windows Defender is more than just a virus scanner. Instead, Windows Defender is a built-in protection system for the entire operating system. It is designed to detect, prevent and eliminate malicious software, spyware and other malware that can damage your data or your computer. Windows Defender is provided by Microsoft as a built-in tool in Windows 8, Windows 10 and newer versions.
If you are using an older version of Windows, you can always download Microsoft Security Essential, which is backwards compatible with Windows Vista and Windows 7.
What is the difference between them? Both tools are able to provide the same effective kind of protection for your operating system, so one may think that only the names are different.
Windows Defender has substantial benefits over Microsoft Security Essential because of its tight low-level integration with the OS. In fact, the operating system gets a lot of protection from rootkits and bootkits when using the latest versions of the Defender.
There are different types of viruses that can sneak and hide in our devices and completely disable built-in antivirus software.
Windows Defender Offline is designed to help solve this complex situation by working from the outside. With Windows Defender Offline, you can boot your computer straight into the antivirus, scan your computer and delete the virus while it is not running.
Here’s how to activate Windows Defender Offline.
- 1.Press Start > Settings > Update & Security > Windows Security > Virus & threat protection.
- 2.Click Run a new advanced scan.
- 3.In Advanced scans, select Windows Defender Offline scan and click Scan now. Your computer will be rebooted straight into Windows Defender. The tool will then scan your computer for about 15 minutes, then restart the system to get you back to Windows.
How to enable or disable Windows Defender?
You probably never asked this question before. The antivirus works, and there’s nothing to worry about. But what if it shuts down for some reason and needs to be turned back on?
Even in spite of the fact that Microsoft hid the on/off function deep enough in the depths of the system setting, it can still be found. Let’s see how to find it:
1. Use the Win + I key combination to open the Settings menu.
2. Go to Update and Security.
3. Select the Windows Security item.
4. Select the Open Windows Defender Security Center option.
5. Find the gear icon in an opened window. It will allow you to go to the Settings section of the built-in antivirus.
Helpful tip
You can always set notification mode to receive notifications in that window.
6. Open the Virus and Threat Protection Settings.
7. We have reached the point. In this menu, you can enable or disable any of the three Windows Defender settings:
- Real-time protection;
- Cloud-delivered protection;
- Automatic sample submission;
Windows Defender Quarantine
Before deleting any suspicious file, Windows Defender always places it in quarantine, briefly describing the nature of the possible threat and the potential threat level that threat may pose. In this chapter, we will find the exact location of the “suspects”.
By default, the Windows Defender virus storage is located under the following path: C:\ProgramData\Microsoft\Windows Defender\Quarantine. However, we recommend you to interact with them only through antivirus software as it is much more reliable.
Note:
The ProgramData folder is hidden by default. If you want to see it, you must first enable the display of hidden folders and files in the Explorer settings.
How to open Quarantine with Windows Defender?
It’s simple! Follow the steps below and you will quickly solve it.
1. Use the Win + I key combination to open the Settings menu.
2. Go to Update and Security.
3. Select the Windows Security item.
4. Select the Open Windows Defender Security Center option.
5. Open the Virus and Threat Protection window.
6. Open the Threat Log. You can also scan your device in this section.
7. Here you can see the complete list of available and eliminated threats that Windows Defender placed in quarantine. Quarantined items are absolutely harmless while they’re held in quarantine.
8. Press the Show Details to examine quarantined files.
9. In the same quarantine menu, you can delete a specific file or all detected viruses at any time by clicking the Delete button next to the desired file, or using the Delete all command to erase all files.
Windows Defender Exclusions
In certain cases, an antivirus can block even completely safe files that interact with the system and other applications in one way or another. For one or another reason, the antivirus may consider them to pose a threat. This situation is called a false positive detection. Files that are falsely detected as threats will also be quarantined. However, such files are often parts of an installed program. Placing such files into quarantine prevents the correct functionality of affected applications.
If you are absolutely sure a particular file poses no threat, you can manually fix false positive detection by adding the locked file to the list of exclusions.
Let’s look at detailed instructions on how to do this.
1. As described in the previous chapter, open the Windows Defender window.
2. Go to Virus and Threat Protection.
3. Open the Virus and Threat Protection Settings.
Scroll to the bottom of the window and find the Exclusions option. Click Add or remove exclusions.
5. Click Add exclusion and select the type.
6. Specify the path to the file, folder, file type or process that you want to add as exclusion.
If you have several programs that are falsely detected by Windows Defender, you can place all of them into a separate folder. This will ensure that these files are excluded from future detections.
Important:
We highly recommend you to never upload files obtained from untrusted sources to the Exclusion folder. Nobody wants to give a virus control over your computer. Such a careless action can lead to rather unpleasant consequences.
Windows Defender deleted an important file. What to do?
It is common for a user to simply not know how to recover a deleted file. Windows Defender blocks all attempts to recover files it deletes. Truth be told, this can sometimes save your operating system from hacking and prevent identity theft.
However, even good intentions are not always beneficial, and you may still want that deleted file back.
If you want to recover files removed by Windows Defender, you can perform low-level analysis of the disk on which the file is located with Starus Partition Recovery tool. After the scan is complete, perform the recovery to an external drive such as a USB flash drive. This will help you bypass the block imposed by Windows Defender and recover the files that were recently lost.
Starus Partition Recovery has an intuitive user interface and offers convenient grouping by file type. You’ll be able to find the right file in a matter of seconds.
Do I need a third-party antivirus in Windows 10?
If Windows Defender is really this good, why are there so many third-party options? Are third-party antivirus tools made by companies specializing in computer security better than the built-in Microsoft antivirus? This is a very reasonable question. The answer depends on who you are and what you need.
Windows Defender is a robust built-in antivirus tool that is distributed by Microsoft for free with the OS itself. Windows Defender is well maintained and frequently updated. If you are using your computer at home, Windows Defender is probably all you need. If, however, you are working in a sensitive environment or dealing with sensitive data, or if you are managing a large network, or if the computer is part of a campus network or a publicly accessible one, then you may need a different solution with stronger protection and tighter restrictions.
Do note that updates are very important. New threats appear almost every other day. New threats cannot be detected or stopped by outdated versions of antivirus tools. If you do not receive timely updates, you will be in a worse situation than by not using an antivirus at all due to the sense of false security.
We hope you found this article useful and helped you recover deleted files with Windows Defender.