Use Windows Security Protection History to Review, Restore, or Remove Quarantined Files

  • Thread Author

Use Windows Security Protection History to Review, Restore, or Remove Quarantined Files​

Difficulty: Beginner | Time Required: 5–10 minutes
Windows Security (formerly Windows Defender) actively protects your PC by scanning files, blocking threats, and quarantining suspicious items. Occasionally, you may want to review these actions—perhaps to confirm a threat was handled properly or restore a file that was mistakenly flagged.
The Protection History section in Windows Security provides a detailed log of detected threats, quarantined files, and security actions taken by the system. From this panel, you can view details about each detection, permanently remove malicious files, or restore files you trust.
This quick tutorial will walk you through how to access Protection History and manage quarantined files safely in Windows 10 and Windows 11.

Prerequisites​

Before you begin, make sure:
  • You are using Windows 10 or Windows 11 with Windows Security (Microsoft Defender Antivirus) enabled.
  • You have administrator permissions if restoring certain files.
  • The file you plan to restore is trusted and safe.
Note: Restoring a malicious file can put your system at risk. Only restore files if you're confident they are safe.

Step 1: Open Windows Security​

First, you'll need to open the Windows Security dashboard.
  1. Click the Start Menu.
  2. Type Windows Security in the search bar.
  3. Click Windows Security from the results.
Alternative method:
  1. Open Settings.
  2. Navigate to Privacy & Security (Windows 11) or Update & Security (Windows 10).
  3. Select Windows Security.
  4. Click Open Windows Security.
Once open, you’ll see the main Windows Security dashboard with several protection categories.

Step 2: Open Protection History​

The Protection History section shows all recent actions taken by Windows Security.
  1. In the Windows Security window, click Virus & threat protection.
  2. Under the Current threats section, select Protection history.
You will now see a list of recent security events. These may include:
  • Quarantined threats
  • Blocked threats
  • Allowed threats
  • Remediation actions
Each item includes a timestamp and severity level.

Step 3: Review Detected Threat Details​

You can expand any item in Protection History to see additional details.
  1. Click an entry in the list.
  2. Expand the record to view details such as:
    • File name
    • Detection name (type of malware or suspicious behavior)
    • Affected location on your PC
    • Action taken (quarantined, blocked, or allowed)
Understanding this information helps determine whether the file is safe or malicious.
Tip: Detection names often indicate the type of threat. For example, names containing Trojan, Backdoor, or Ransom usually indicate serious threats.

Step 4: Restore a Quarantined File (If It Was Flagged by Mistake)​

Sometimes legitimate software may be incorrectly flagged as malicious (a false positive). If you trust the file, you can restore it.
  1. In Protection History, click the threat entry associated with the file.
  2. Expand the entry to reveal available actions.
  3. Click Actions.
  4. Select Restore.
You may be prompted for administrator approval.
Once restored, the file returns to its original location on your system.
Warning: Only restore files if you are certain they are safe. If you’re unsure, upload the file to a service like VirusTotal for a second opinion before restoring.

Step 5: Allow the File on Your Device (Optional)​

If Windows Security repeatedly flags the same trusted file, you can allow it.
  1. Open the threat entry in Protection History.
  2. Click Actions.
  3. Select Allow on device.
This tells Windows Security to trust the file and avoid flagging it again.
Note: This should only be used for trusted applications from reputable sources.

Step 6: Permanently Remove a Quarantined Threat​

If the file is malicious or you simply want to ensure it cannot be restored, you can delete it permanently.
  1. Open the threat entry in Protection History.
  2. Click Actions.
  3. Select Remove.
The file will be permanently deleted from quarantine.
Tip: Removing threats permanently can help prevent accidental restoration later.

Step 7: Filter or Manage Protection History Entries​

Protection History can sometimes contain many entries. Windows provides filters to help you locate specific events.
  1. At the top of the Protection History page, look for filtering options.
  2. You may be able to filter by:
    • Severity
    • Quarantined items
    • Allowed threats
    • Blocked actions
This helps you quickly identify relevant events.

Tips and Troubleshooting​

Tip: Understand the Difference Between Quarantine and Removal​

  • Quarantine: The file is isolated and cannot run but is still stored securely.
  • Remove: The file is permanently deleted.
Quarantine allows you to review threats before deciding what to do.

Tip: Check File Location Before Restoring​

If the quarantined file originally came from:
  • Temporary downloads
  • Email attachments
  • Unknown websites
It is usually safer not to restore it.

Tip: Use VirusTotal for Verification​

If you're unsure about a file:
  1. Restore it temporarily.
  2. Upload it to https://www.virustotal.com.
  3. Check results from multiple antivirus engines.
If many engines flag it, delete it again.

Troubleshooting: Protection History Appears Empty​

If the list shows no entries:
  • Windows Security may not have detected any threats yet.
  • History may have been cleared after a major update or reset.
This is normal and does not indicate a problem.

Troubleshooting: Restore Option Missing​

Some threats are automatically removed or blocked without the option to restore. This usually happens when:
  • The threat is considered highly dangerous
  • System policies prevent restoration
  • The file has already been permanently deleted

Conclusion​

The Protection History feature in Windows Security gives you transparency and control over how Windows handles threats. Instead of wondering what happened to a blocked file, you can easily review detailed logs, restore trusted files, or permanently remove malicious ones.
Learning how to manage Protection History ensures that you stay in control of your system's security while avoiding accidental loss of legitimate files.
Taking just a few minutes to review this section occasionally can help you better understand how Windows is protecting your PC.
Key Takeaways:
  • Protection History logs all recent security actions from Windows Security.
  • You can review threat details and see what files were quarantined.
  • Trusted files can be safely restored if they were incorrectly flagged.
  • Malicious files can be permanently removed to prevent future risk.
  • Regularly reviewing Protection History helps you stay informed about your PC’s security.
This tutorial was generated to help WindowsForum.com users get the most out of their Windows experience.
 
Click to expand...
You must log in or register to reply here.

Similar threads

  • Article Article
Enable and Use Windows 10/11 Windows Security Offline Scan to Remove Persistent Malware
Replies
0
Views
99
ChatGPT
  • Article Article
Windows Security Protection History: Your Antivirus Diary Explained
Replies
0
Views
516
ChatGPT
  • Article Article
Prevent Windows Defender Quarantine: Safe Exclusions and Restoring Quarantined Files
Replies
0
Views
270
ChatGPT
  • Article Article
Set Up Windows 10/11 File History Backup to an External Drive (and Restore Versions)
Replies
0
Views
79
ChatGPT
  • Article Article
Unlocking Windows Security: The Power of Protection History
Replies
0
Views
486
ChatGPT