Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Fox IT
DECEMBER 13, 2023
Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed by threat actors. This QuarantineEntry is RC4-encrypted and saved to disk in the /ProgramData/Microsoft/Windows Defender/Quarantine/Entries folder.
Let's personalize your content