Programmatically Access a Quarantined File
Hello,
We would like to run additional analysis on quarantined files as part of a custom workflow. Is there a way to programmatically access quarantined files without restoring them from the quarantine? We’d like to leave the files in the quarantine, but we want to copy the files into another location within our organization outside of Defender for deeper malware analysis. Ideally, we’d like to use an MS Defender API for this post-quarantine action vs. using the MpCmdRun.exe util as we don’t want to restore the file.
Thanks!
Laurel