Windows 10: How to track whom of admins released email from quarantine

Hello,

I would like to ask you to help me identify how to audit who released the email from quarantine.

Case: we have several admins who must have the ability to release from quarantine, how to track who of them released which email ?


https://protection.office.com/quarantine


is it even possible via S&CC or any other way ? Graph API / PowerShell ?


Thx

:)

 

admin password?

You can reset the Admin Password using Windows XP repair; See Here for step by step.

*Toast :toast:

 

Quarantined Trojan:JS/Flafisi.B

Trojan:JS/Flafisi.B threat description

When Windows Defender detects and quarantines a threat you are protected and the quarantined item/file/threat cannot harm your computer anymore. Also: Quarantined items will be removed automatically after some time.

That being said...

Why you cannot find/see a Remove possibility, I do not know.

I'm not a Windows 10/Windows Defender user so I'm not 100 % sure that the below from this site (https://www.microsoft.com/en-us/wdsi/help/antimalware-faq)
copied/pasted info is correct (later EDIT: info is not correct. See my other replies!):

On Windows Defender Antivirus for Windows 10 version 1703 and later:

• Use the Windows search box to find and open the Windows Defender Security Center
• Navigate to the Virus & threat protection > Scan history.
• Under Quarantined threats, select See full history

Once you have reviewed the quarantined items you can:

• Select Remove all to delete all quarantined software.
• Select individual files, and then click Remove or
  Restore.
• Select Quarantined items and then View details. You might be asked for an admin password or to confirm your choice.

======

I've seen other posts on a similar threat detection for Flash Player where the user also said he didn't have the Remove option...

See here:

• Problem Removing Trojan:JS/Flafisi.C (page=2) (jamesvandenbosch December 30, 2017)
• Problem Removing Trojan:JS/Flafisi.C (page=2) (jamesvandenbosch December 30, 2017)

====

Suggestion to upload the detected file to MS:
Submit files for malware analysis

and to also upload it to VirusTotal and/or any other service listed here:
List of Online File analyzers & services

In addition you might want to run some scans with one or the other tool mentioned here:

List of Malware Removal Tools

 

Windows Defender is missing Restore Button for Quarantined Threats

It wasn't listed under "Quarantined Threats", but was listed in "See full history" as quarantined. It has been about 2 hours
and now it is listed under "Quarantined Threats" which now shows the Restore or Delete options. Something must be causing
a delay in listing the quarantined file under "Quarantined Threats" after they have been found and quarantined by Defender.