Windows Defender does a great job of protecting us from all sorts of malware. Sometimes, however, it gets a little too aggressive and quarantines a program that you happen to know is safe to use. Defender is not the only AntiVirus (AV) program that pops up these false positives. All of them try to err on the side of caution. In today’s example, we’ll be discussing one of NirSoft’s portable freeware utilities called Network Password Recovery. If you try to unZIP this file and run the program, Windows Defender will get very cranky indeed. It will quarantine the software without notice. Your file will basically disappear from sight. So, how do you restore a quarantined program? This Quick Tips article will show you how. Read on…
Note: This is a must-read if you are at all concerned about the safety of using NirSoft’s utilities and if you’d like to learn about all those free, portable goodies. Check out Jim Hillier’s excellent article, NirSoft: 200+ Free Portable Tools & Utilities. Now, if only Windows Defender would read that article, too…
Browsers Get Cranky, Too
Note: Click on any of the following images to enlarge them for easier reading.
Even trying to download Network Password Recovery coughed this up:
No, it doesn’t contain any malware. If you are following along and want to try out this useful software, then simply allow the download in the browser of your choice.
Oh, and I suppose I should tell you that if you follow this Network Password Recovery link, you will see this choice near the bottom of that page:
Choose the download that applies to your system.
7ZIP Got Cranky, too
When I tried to unZIP the downloaded file, Defender barged in and aborted the process. 7ZIP complained that it couldn’t complete the operation due to a virus. And guess what? The ZIP file was gone! Windows Defender had duly quarantined it without a hint of respect for me or my wishes.
This brings us to how to get it back.
Unquarantine That Quarantined File
- Use the Windows key + I to open Settings
- Choose Update & Security
- In the left panel, choose Windows Security
- In the right panel, choose Virus & threat protection
That should bring you here:
Click the link labeled, Protection history. The new window should look similar to this:
The Threat notification for the Nirsoft file should be right at the top of the list, it being the most recent file that Windows Defender attacked.
Expand it, then expand Actions, and then choose Restore. That should restore the ZIP file and you should now be able to extract it using your favorite archive manager.
Round Two!
I will presume you have successfully extracted the Nirsoft files. If you try to run the netpass-x**.exe file, then Windows Defender will once again defend you. It will quarantine that file and you will have to follow the above steps to restore it. Once you have done that, you will finally be able to run NetPass.
Bonus Tip
The whole reason I wanted to run this NetPass utility in the first place was to check out a huge Windows security hole I had heard about. Focus your peepers on this:
NetPass offers a lot of information here including the Password strength. What is important to note here is in the Password column. I have blurred my information here for obvious reasons but it might be a moot point.
If you use Autologin in Windows, then that strong password you worked so hard to create and remember is stored in plain text on your computer! Let that sink in for a moment.
If one of the many nefarious ones gets their grubby hands on your computer and knows where to look, they will have access to your entire Microsoft account and everything connected to it. Mindblowing!
This brings up a very good question. How is it that Microsoft fights so vigorously to stop you from using a perfectly harmless little utility while at the same time leaves a gaping security hole in its flagship operating system? Well, Microsoft, how do you respond? We’re waiting…
As always, if you have any helpful suggestions, comments or questions, please share them with us,
Richard
—
Great article Richard. Only have one comment to add, that I experienced this exact problem with Kaspersky, Malwarebytes and Emsisoft, Mindblower!
Thanks Richard,
Extremely annoying it is Richard when Defender ‘shuts the download door’ on a safe programme which I have been using on my PC for several months which I want to install on my wife’s laptop.
There have been other instances recently with Nirsoft and other safe download sites.
Regards,
Jonno
Right, you are, Jonno…
Roxio Support identified DEFENDER as to why win 10 won’t load the drivers for a program called VHS to DVD. It will not load the drivers. No notice. no explanation. and no fix. Roxio support could not find a way around it. I suspect other programs will fall into the same category.
Suggest turning off Defender for the interim and exclude the target folder from the purview of Defender. When install complete make Defender protection active once again.
Hi Baruch,
This is a wonderful tip, but it must be done in the correct order.
Thank you!