Microsoft Defender Quarantine and File Restoration – fastkeyshop


When files are quarantined, Microsoft Defender Antivirus does not simply “lock them away” in a special folder; it also alters them so that manually extracting and launching them from that folder is impossible, even if you restore the executable file extension.

Quarantine Folder in Microsoft Defender
Quarantined files are stored in:

C:\ProgramData\Microsoft\Windows Defender\Quarantine
but to restore them, you will need to use either the graphical interface in the “Windows Security” window or the command line.

Restoring from Quarantine in the “Windows Security” Protection History
“Windows Security” offers a quick and easy way to restore files from quarantine:

  1. Open the “Windows Security” window using the icon in the notification area, searching in the Windows taskbar, or in the “Settings” app.
  2. Open the “Virus & threat protection” section.
  3. Click on “Protection history”.
  4. In the list of threats, click on the threat you need to restore: details about it will expand, including information on what was detected in the file and the path to the quarantined file.
  5. Click the “Actions” button and select “Restore”.

As a result, the file is restored to its previous location and allowed to run. Keep in mind, however, that some restored files may still be blocked; to launch them you may need to add the entire program folder to Microsoft Defender exclusions.

How to Restore Files from Quarantine Using the Command Line
There is another way to restore files quarantined by Microsoft Defender: the command line tool MpCmdRun.exe. Follow these steps:

  1. Run Command Prompt as an administrator and enter the following two commands in sequence:
   cd "C:\Program Files\Windows Defender"
   MpCmdRun.exe -restore -listall

This will display a list of quarantined files. To restore a specific file, you can use the command:

   MpCmdRun.exe -restore -filepath "file_path"

You can copy the path by highlighting it with the mouse in the Command Prompt window and right-clicking (this copies it automatically), then paste it by right-clicking at the cursor position.

Another command restores a file by the threat name (“ThreatName”) shown in the listing:

   MpCmdRun.exe -restore -name "threat_name"
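As an added example (not code from the article), here is a PowerShell wrapper around the MpCmdRun.exe commands above that checks the requested path against the quarantine listing and shows what Defender recorded about the detection before restoring the file; the Platform folder lookup, the Defender cmdlets Get-MpThreatDetection / Get-MpThreat and the log file location are this example's own assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original article. Wraps MpCmdRun.exe -Restore
# (the -ListAll and -FilePath switches shown above) so that the item is checked
# against the quarantine listing and the detection details are shown before the
# file is put back. The Platform folder lookup, the Defender cmdlets and the log
# file path are this example's own choices, not something the article specifies.
param(
    [Parameter(Mandatory)] [string] $FilePath   # original location of the quarantined file
)

# Newer Defender platform builds ship their own MpCmdRun.exe under ProgramData;
# use the most recent one and fall back to the default install folder.
function Get-MpCmdRunPath {
    $platform = 'C:\ProgramData\Microsoft\Windows Defender\Platform'
    if (Test-Path $platform) {
        $latest = Get-ChildItem $platform -Directory |
            Sort-Object { [version] ($_.Name -replace '-.*$', '') } -Descending |
            Select-Object -First 1
        if ($latest) { return Join-Path $latest.FullName 'MpCmdRun.exe' }
    }
    return 'C:\Program Files\Windows Defender\MpCmdRun.exe'
}

$mpcmd   = Get-MpCmdRunPath
$pattern = [regex]::Escape($FilePath)

# 1. The quarantine listing is the authoritative record; refuse paths not in it.
$listing = & $mpcmd -Restore -ListAll 2>&1
if (-not ($listing -match $pattern)) {
    Write-Error "No quarantined item matches '$FilePath'."
    $listing | Write-Host
    exit 1
}

# 2. Show what Defender actually detected so the restore is an informed decision.
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -match $pattern } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID
        '{0} (severity {1}), detected {2}' -f $threat.ThreatName, $threat.SeverityID, $_.InitialDetectionTime
    }

# 3. Restore only after an explicit confirmation, and record who restored what.
if ((Read-Host "Restore '$FilePath' to its original location? [y/N]") -ne 'y') { exit 0 }
& $mpcmd -Restore -FilePath $FilePath
"$(Get-Date -Format s) restored $FilePath by $env:USERNAME" |
    Add-Content "$env:ProgramData\DefenderRestore.log"
```

Run it from an elevated PowerShell session as `.\Restore-Quarantined.ps1 -FilePath "C:\path\to\file.exe"` (script name assumed); the -ListAll output is printed when the path is not found so you can correct it.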

Keep in mind that quarantined files are not kept indefinitely: the built-in antivirus deletes them completely after a certain period (details about the exact retention period were not found).
