Security Essentials: restore a quarantined file to a different location

ms-security-essentials quarantine

I have a file that Security Essentials quarantined "on sight" that I want to restore to perform some further analysis on.

However, the file was stored on my NAS server. This means I had accessed the server by entering \\192.168.1.5 into my Run box, entering the credentials and browsing to the folder. Security Essentials removed the item and stored it in quarantine. I am unable to restore the item from quarantine, with the error code 0x80508014.

My research shows that this error indicates that SE can't access the path the original file was in, and suggests recreating the path. The problem is that I haven't removed any folders so the path already exists. Further digging seems to indicate that the issue is that SE cannot access the network share because the share is connected to my user account session and not to SYSTEM or Administrator. SE lists the path of the original file in the details as file:\\192.168.1.5\storage\research\file.exe, so it appears SE is trying to directly restore the file to this location and is unable to do so because the SE process does not have access to the share connection.

I tried opening an Administrator command prompt and manually connecting the network share to Admin's session using net use but this did not help.

Is there a way to direct SE to restore a quarantined file to a different location than it was originally found in? I do not see a way for me to be able to give the SE process access to the network share so it can restore the file.

Best Answer

I hit a similar problem when Windows 10 Defender quarantined some files from my NAS box.

In a Command Prompt (opened as administrator) I was able to use the command line tool to list the quarantined files:

c:\Program Files\Windows Defender>MpCmdRun.exe -restore -listall

The following items are quarantined:

XXX
XXX

Then I used the -restore option along with -Path to restore to a local path:

c:\Program Files\Windows Defender>MpCmdRun.exe -restore -All -Path C:\Path\To\Restore

After that I was able to copy the files back to my network drive (which is now on the exclusion list!).
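The restore steps from the answer above, as an added PowerShell example (not part of the original answer): it restores to a locked-down local folder, excludes that folder so real-time protection does not immediately re-quarantine the files, and records SHA-256 hashes for the analysis notes. The staging path `C:\QuarantineRestore` is a hypothetical name, and the script assumes the Windows 10 Defender install path shown in the answer and the Defender PowerShell cmdlets being available.

```powershell
#Requires -RunAsAdministrator
# Added example: restore quarantined items to a local staging folder for analysis.
$ErrorActionPreference = 'Stop'

# Path taken from the answer; adjust if MpCmdRun.exe lives elsewhere on your system.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
# Hypothetical local staging folder (assumption, not from the page).
$staging  = 'C:\QuarantineRestore'

if (-not (Test-Path $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# Create the folder and restrict it to Administrators and SYSTEM (well-known SIDs),
# so the restored samples cannot be opened from a normal user session by accident.
New-Item -ItemType Directory -Path $staging -Force | Out-Null
& icacls.exe $staging /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# Show what is currently quarantined before restoring anything.
& $mpCmdRun -Restore -ListAll

# Exclude only the staging folder, so the restored files are not re-quarantined on write.
Add-MpPreference -ExclusionPath $staging

# Same command as in the answer: restore everything to a local path instead of the share.
& $mpCmdRun -Restore -All -Path $staging
Write-Host "MpCmdRun exit code: $LASTEXITCODE"

# Confirm that files actually arrived rather than trusting the exit code alone.
$restored = @(Get-ChildItem -Path $staging -File -Recurse)
if ($restored.Count -eq 0) {
    Remove-MpPreference -ExclusionPath $staging
    throw "Nothing was restored to $staging; exclusion removed."
}

# Record hashes so the samples can be identified later without opening them.
$restored | Get-FileHash -Algorithm SHA256 | Format-Table Hash, Path -AutoSize

# When analysis is finished, delete the samples and drop the exclusion:
#   Remove-Item -Path $staging -Recurse -Force
#   Remove-MpPreference -ExclusionPath $staging
```

Excluding a single staging folder keeps the exemption narrower than excluding the whole network drive, and the exclusion can be removed as soon as the samples are gone.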
