Share via

Cannot delete Quarantined files in MacOS Microsoft Defender

Anonymous
2024-01-13T10:17:02+00:00

Hi,

I am not offered the option to delete or restore files in Quarantine, at the "Threat History" tab in Microsoft Defender for MacOS.

I can only see the path of the file, but when I go to a Terminal session to delete it manually, turns out the path does not exist (/private/tmp/some-tmp-dir)

Then I proceeded to /Library/Application Support/Microsoft/Defender/quarantine and all the files were there, but I cannot delete them. Not even as root user. I have tried to change the permissions of the directory with chmod -R a+w but still : permission denied.

Then I booted into Recovery mode to get a Terminal window and delete the files manually. Turns out the directory /Library/Application Support/Microsoft/quarantine is empty.

HOW can I delete the quarantined file shown in "Threat History" ???

Thank You.

Microsoft 365 and Office | Microsoft 365 Defender | Other | MacOS

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-01-13T23:27:19+00:00

    Hello Rob Saa,

    Thank you for posting in Microsoft Community.

    I'm sorry to hear that you're having trouble deleting quarantined files in Microsoft Defender for MacOS. To delete the quarantined files, you can try the following steps:

    1. Open Microsoft Defender for MacOS and go to the "Threat History" tab.
    2. Select the file you want to delete and click on the "Allow" button.
    3. Once you have allowed the file, it should be moved out of quarantine and you should be able to delete it manually.

    If the above steps do not work, you can try the following:

    1. Open Terminal and type "sudo rm -rf /Library/Application\ Support/Microsoft/Defender/quarantine/*".
    2. Enter your administrator password when prompted.
    3. This should delete all the files in the quarantine folder.

    Please note that deleting files using Terminal can be risky, so make sure you have a backup of your important data before proceeding. Else, try reinstalling the application.

    Please let me know further concerns so I can help more!

    Regards,

    Prince R

    Microsoft Moderator

    0 comments
  2. Reported
    Anonymous
    2024-01-15T07:36:27+00:00

    Hello Prince R,

    I don't have any "Allow" button for the file show in "Threat History" tab. Only a "Details" button that shows the path of the file, and nothing else.

    Also, "sudo rm -rf /Library/Application\ Support/Microsoft/Defender/quarantine/*" returns :

    "rm: /Library/Application Support/Microsoft/Defender/quarantine/ff25bd96-6a02-408d-8684-5d89546d3d31: Operation not permitted"

    I have tried to "sudo chown -R a+rw /Library/Application\ Support/Microsoft/Defender/quarantine/*, and also get

    "chmod: Unable to change file mode on /Library/Application Support/Microsoft/Defender/quarantine/ff25bd96-6a02-408d-8684-5d89546d3d31: Operation not permitted"

    Any other ideas ?

    Thank You. Regards

    0 comments
  3. Anonymous
    2024-01-20T00:52:03+00:00

    Any other ideas ? Anyone ?

    0 comments
  4. Anonymous
    2024-01-20T11:18:00+00:00

    Well, I finally found the way to delete the quarantine files stored at "/Library/Application Support/Microsoft/quarantine" directory.

    1. Open "System Settings" and go to "Startup Items"
    2. Deactivate "Microsoft Defender" to prevent it to run at startup
    3. Reboot your Mac
    4. Open a Terminal window and issue the command "sudo rm -rf /Library/Application Support/Microsoft/quarantine/*"
    5. Enter "root" password

    Voilá ! All files in the Defender quarantine directory are deleted. I have just recovered 77 GB of disk space.

    As usual, Microsoft Support is USELESS unless you have a Premium Support contract.

    Thank you, Microsoft !

    Have a good one,

    R

    2 people found this answer helpful.
    0 comments
  5. Anonymous
    2024-02-06T05:35:19+00:00

    Hello Rob Saa,

    Thank you for the updates.

    Glad for this workaround and appreciate your time on this matter. This could help those who have the same issue.

    To help other customers searching for help on related issues, please feel free to mark the response you found most helpful by clicking “Yes” on the bottom of that post. This will ensure the helpful responses are most visible when searching (and you can vote more than once if the solution was spread over multiple posts).

    Thanks again for choosing Microsoft!

    Sincerely,

    Prince R

    0 comments