Disable auto quarantine in Windows Defender
Newer versions of Windows Defender move files they consider suspicious to the quarantine without user confirmation. That is currently the default behavior. At first, I thought of this only as a minor inconvenience. But the feedback I received from many users is that once a file is quarantined there is no guarantee of getting it back. The user interface of Windows Defender is a little unreliable; it sometimes fails to show the recovery options for quarantined files. So auto-quarantine sometimes has the same effect as auto-delete.
It might be a good idea to turn off auto-quarantine, but there are some caveats. After auto-quarantine is disabled, Windows Defender will ask for permission before deleting files. Needless to say, you need to be careful about which files you allow to remain on your computer. Checking the file with VirusTotal.com might be a good idea, but make sure not to upload any personal files there. When in doubt, go with what Windows Defender tells you to do.
Warning: If you are unsure about being able to detect false positives, it is better not to turn off auto-quarantine. Allowing viruses by mistake is a much bigger problem than a lost executable file.
Auto-quarantine can be disabled easily using the Group Policy Editor. If your version of Windows does not come with Group Policy Editor, then you will have to edit the registry.
Using Group Policy Editor
- Run gpedit.msc
- Go to Computer Configuration ➾ Administrative Templates ➾ Windows Components ➾ Microsoft Defender Antivirus ➾ Turn off routine remediation
- Double-click it, then enable the policy in the window that opens.
Editing the Registry
Before continuing with the steps below, please read Microsoft’s warning about editing the Registry.
Warning: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
The Group Policy described earlier adds a DWORD with value name: DisableRoutinelyTakingAction, and value data: 1, to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.
If Group Policy Editor is not included in your Windows, you will have to set this manually.
- Launch Regedit
- Go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
- Right-click on the right pane and select New ➾ DWORD (32-bit) Value
- Rename the new entry to DisableRoutinelyTakingAction.
- Right-click on the entry and choose Modify
- Set value data to 1.
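
The registry steps above can also be scripted so that the key is backed up first, the result is verified, and the change can be undone. This is an added example, not part of the original article; the function names, the -State parameter and the backup folder are assumptions of this example, and it must be run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: the article's registry steps with a backup, a check and an undo.
# Function names, -State and -BackupDir are assumptions of this example.
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$ValueName = 'DisableRoutinelyTakingAction'

function Get-AutoQuarantinePolicy {
    # 'Disabled' when the policy value is 1, otherwise 'Default' (auto-quarantine on).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$ValueName -eq 1) { 'Disabled' } else { 'Default' }
}

function Set-AutoQuarantinePolicy {
    param(
        [Parameter(Mandatory)][ValidateSet('Disabled', 'Default')][string]$State,
        [string]$BackupDir = "$env:USERPROFILE\Documents"
    )
    # Back up the policy key before touching it, as Microsoft's warning advises.
    if (Test-Path $KeyPath) {
        $backup = Join-Path $BackupDir ("WindowsDefenderPolicy-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
        & reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
        Write-Host "Backup written to $backup"
    }
    if ($State -eq 'Disabled') {
        # Same result as the manual steps: DWORD DisableRoutinelyTakingAction = 1.
        if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    } else {
        # Removing the value returns Windows Defender to its default behavior.
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    }
    # Read the value back so a silent failure is not mistaken for success.
    $now = Get-AutoQuarantinePolicy
    if ($now -ne $State) { throw "Expected '$State' but found '$now'." }
    Write-Host "Auto-quarantine policy is now: $now"
}

Write-Host "Current auto-quarantine policy: $(Get-AutoQuarantinePolicy)"
# Set-AutoQuarantinePolicy -State Disabled   # what the steps above do
# Set-AutoQuarantinePolicy -State Default    # undo the change
```

Running the script as-is only reports the current state; uncomment one of the last two lines to make a change.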