I am using Windows 10 Version 22H2 (OS Build 19045.3930).

I recently ran Windows Defender and it found threats due to a Kali Linux .iso I had on my computer. On the Virus & threat protection page in Windows Security, there are action options for each threat:

I did some googling about Windows Defender, and some posts say that it automatically quarantines threats (for example: this), while other posts say it does not (example: this).

Based on the results of my Windows Defender Scan, I think that my Windows Defender is not automatically quarantining the threats. Additionally, my Kali Linux .iso is still in its original location (Windows Defender did not remove it). Protection history is also empty.

Note that I don't want Windows Defender to quarantine the .iso. I just happened to run a Windows Defender full scan and was surprised that it didn't automatically quarantine the .iso, and was wondering why.

Why isn't Windows Defender automatically quarantining the Kali Linux .iso? Is it because Windows Defender does not automatically quarantine at all? If so, why are there posts online which talk about Defender automatically quarantining?

Thanks for taking the time to read my question!

  • Kali ISOs are not viruses. I download Kali and run Kali machines. It seems likely Defender is in the process of allowing Kali, which is why it is not quarantined. No issue here on Windows 10 or 11.
    – anon
    Commented Feb 17 at 16:31
  • Yeah, I'm glad Defender didn't quarantine the Kali .iso because I know it's safe to have on my computer. I'm wondering, does Defender selectively allow (not automatically quarantine) some files, even if it perceives threats in them (as in the case of the .iso)?
    Commented Feb 17 at 18:49

1 Answer

Whether Defender quarantines a file (like an ISO) can depend on Defender's own history of the file and how it was treated. I think that is why Kali (for the most part) is not quarantined.

Here is a good Microsoft article on Defender and quarantines.

Microsoft Defender

Depending on how Microsoft Defender Antivirus is configured, it quarantines suspicious files. If you're certain a quarantined file isn't a threat, you can restore it on your Windows device.

On your Windows device, open Windows Security.

Select Virus & threat protection and then, under Current threats, select Protection history.

If you have a list of items, you can filter on Quarantined Items.

Select an item you want to keep, and choose an action, such as Restore.

For myself, I have not had to whitelist Kali and I suspect that is because of Defender's overall experience with Kali.
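
The quoted article says quarantining depends on how Defender is configured. One way to see both the configured default actions and what Defender actually did with each detection is with the built-in `Get-MpPreference`, `Get-MpThreat` and `Get-MpThreatDetection` cmdlets. This is an added example, not part of the original question or answer; the helper name `Resolve-Code` and the lookup tables are this example's own, with numeric codes as listed in Microsoft's Defender documentation.

```powershell
# Added example: run in PowerShell on the machine that was scanned.
# Codes used by the *ThreatDefaultAction settings and by CleaningActionID.
$actionName = @{ 0 = 'NotConfigured (Defender picks per definition)'; 1 = 'Clean';
                 2 = 'Quarantine'; 3 = 'Remove'; 6 = 'Allow'; 8 = 'UserDefined';
                 9 = 'NoAction'; 10 = 'Block' }
# Codes used by ThreatStatusID on a detection record.
$statusName = @{ 0 = 'Unknown'; 1 = 'Detected'; 2 = 'Cleaned'; 3 = 'Quarantined';
                 4 = 'Removed'; 5 = 'Allowed'; 6 = 'Blocked'; 102 = 'QuarantineFailed' }

# Hypothetical helper: translate a numeric code, falling back to the raw value.
function Resolve-Code($table, $code) {
    if ($table.ContainsKey([int]$code)) { $table[[int]$code] } else { "Code $code" }
}

# 1. What is Defender configured to do at each severity level?
$pref = Get-MpPreference
'Low', 'Moderate', 'High', 'Severe', 'Unknown' | ForEach-Object {
    [pscustomobject]@{
        Severity      = $_
        DefaultAction = Resolve-Code $actionName $pref."${_}ThreatDefaultAction"
    }
} | Format-Table -AutoSize

# 2. What did Defender actually do with each detection it recorded?
$threatById = @{}
Get-MpThreat | ForEach-Object { $threatById[$_.ThreatID] = $_ }

Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
    $t = $threatById[$_.ThreatID]
    [pscustomobject]@{
        Detected  = $_.InitialDetectionTime
        Threat    = if ($t) { $t.ThreatName } else { "ThreatID $($_.ThreatID)" }
        Status    = Resolve-Code $statusName $_.ThreatStatusID
        Action    = Resolve-Code $actionName $_.CleaningActionID
        Succeeded = $_.ActionSuccess
        Resources = ($_.Resources -join '; ')
    }
} | Format-List
```

A detection whose `Status` is `Detected` rather than `Quarantined` is one Defender found but has not yet acted on, which matches a scan result that still offers action options.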