Forum Discussion

laurelfielding's avatar
laurelfielding
Copper Contributor
Oct 31, 2024

Programmatically Access a Quarantined File

Hello, 

 

We would like to run additional analysis on quarantined files as part of a custom workflow. Is there a way to programmatically access quarantined files without restoring them from the quarantine. We'd like to leave the files in the quarantine, but we want to copy the files into another location within our organization outside of Defender for deeper malware analysis. Ideally, we'd like to use an MS Defender API for this post-quarantine action vs. using the MpCmdRun.exe util as we don't want to restore the file.

 

Thanks!

Laurel

No RepliesBe the first to reply

Resources