How do I know if it is a false positive?

Upload the file to VirusTotal.com. If only 1-3 engines detect it (especially generic heuristic names), it is likely a false positive. If 15+ engines flag it with specific malware names, it is probably genuine malware.

Will exclusions make my PC less secure?

Yes, slightly. Excluded files and folders are not scanned by Defender. Only exclude specific files you have verified as safe, never broad folders. Keep exclusions to a minimum and review them periodically.

Windows Defender Threat Detected — Quarantined File Recovery and False Positives

Errorsecurity

Overview

Fix Windows Defender threat detection alerts by reviewing quarantined files, handling false positives, and restoring legitimate files that were incorrectly flagged.

Key Details

Windows Defender automatically quarantines files it identifies as threats based on signature and heuristic analysis
Quarantined files are moved to a protected folder and cannot be executed or accessed normally
False positives are common with development tools, game trainers, keygens, and custom scripts
Quarantine history shows what was detected, when, and what action was taken
Real-time protection scans files as they are downloaded, opened, or executed

Common Causes

Legitimate software using techniques similar to malware (code injection, registry modification, hooking)
Development tools or scripts matching heuristic malware patterns
Actually malicious file detected correctly by Defender
Outdated Defender definitions flagging a previously clean file after a signature update

Steps

1Review the threat: Windows Security > Virus & threat protection > Protection history to see details
2Verify the file is safe: upload to VirusTotal.com to check against 70+ antivirus engines
3Restore from quarantine if safe: Protection history > select the item > Actions > Restore
4Add an exclusion to prevent re-quarantine: Virus & threat protection > Manage settings > Exclusions > Add
5Report the false positive to Microsoft: use the Microsoft Security Intelligence submission portal

Related Items

windows-smartscreen-prevented-app-start

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Quarantined files are stored in C:\ProgramData\Microsoft\Windows Defender\Quarantine in an encrypted format. You cannot access them directly — use Windows Security > Protection history to manage them.

Windows Defender Threat Detected — Quarantined File Recovery and False Positives

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Security

Frequently Asked Questions