Disable auto quarantine in Windows Defender

Newer versions of Windows Defender moves files it considers suspicious to the quarantine without user confirmation. That is currently the default behavior. At first, I thought of this only as a minor inconvenience. But the feedback I received from many users is that once a file is quarantined there is no guarantee of getting it back. The user interface of Windows Defender is a little unreliable; it sometimes fails to show the recovery options for quarantined files. So auto-quarantine sometimes has the same effect as auto-delete.

It might be a good idea to turn off auto-quarantine, but there are some caveats. After auto-quarantine is disabled, Windows Defender will ask for permission before deleting files. Needless to say, you need to be careful about which files you allow to remain on your computer. Checking the file with Virustotal.com might be a good idea, but make sure not to upload any personal file there. When in doubt go with what Windows Defender tells you to do.

Warning: If you are unsure about being able to detect false positives, it is better not to turn off auto-quarantine. Allowing viruses by mistake is a much bigger problem than a lost executable file.

Auto-quarantine can be disabled easily using the Group Policy Editor. If your version of Windows does not come with Group Policy Editor, then you will have to edit the registry.

Using Group Policy Editor

Run gpedit.msc

Running gpedit from run

Computer Configuration ➾ Administrative Templates ➾ Windows Components ➾ Microsoft Defender Antivirus ➾ Turn off routine remediation.
Double click on it and then enable the group policy in the new window which pops up.

Routine remediation setting in Group Policy Editor


Editing the Registry

Before continuing with the steps below, please read Microsoft’s warning about editing the Registry.

Warning: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

The Group Policy described earlier adds a DWORD with value name: DisableRoutinelyTakingAction, and value data: 1, to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.

Registry entries made by group policy editor

If Group Policy Editor is not included in your Windows, you will have to set this manually.
Launch Regedit and go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.
Right Click on the right pane and select New ➾ DWORD (32-bit) Value

Adding a new DWORD to registry

Rename the new entry to DisableRoutinelyTakingAction.

Right Click on the entry and choose Modify

Setting Value data field to 1

Set value data to 1.

9 thoughts on “Disable auto quarantine in Windows Defender”

  1. Happy Downloader

    THANK YOU! You are the man (or woman)! Serious lack of information about how to disable the annoying auto quarantine and give us back our prompt!

  2. I enabled “Turn off routine remediation” in the Group Policy Editor, but files are still being quarantined without my permission. These are files that I previously told Windows Security to “Allow on computer” more than once. I am no longer permitted to own a computer. I have a device that I can only use as Microsoft permits.

    1. Windows Defender has a habit of not always doing what you tell it to do. But turning off Automatic sample submission might help with the problem of whitelisted files getting detected as malicious. I had some success with that setting in the past, not guaranteed to work though.

  3. On my pc, the Group Policy , Microsoft Defender Antivirus, did not exist, I instead found the setting under “Windows Defender Antivirus” , I have changed the value to ENABLED and hope it works, also then went to do the registry edit but it was already there and already with a “1” – Not sure if the Group Policy did that as I did not check before I made the Policy change.

    1. The change in Group Policy does trigger that change in the Registry. Your setting is correct, the problem is with Windows Defender I think.

  4. Neither method worked 🙁
    Its still quarantining files and not restoring them after me allowing it and then restoring it.
    Id go back to win7 any day but i need DX12 for a specific program!
    Dual booting worked but got too lazy to log into win7 each time.

  5. Just finished going through & adjusting both the Group editor & registry keys. I hope this works as I am fed up to here with fighting Windows for supremacy…😉

Comments are closed.