This tool is use to decrypt file that been quarantined by Windows Defender. The tool developed in Rust. It also contains some Python code; as part of my blog - https://blog.khairulazam.net/2023/12/12/extracting-quarantine-files-from-windows-defender/
- Note: I'm developing this using IntelliJ IDEA. You can probably try to compile the code without the IDEA. Not sure if its work.
- Clone this repo
- Go to either DefenderEntriesDecryptor/src/ or DefenderFileDecryptor/src/
cargo build --releaseORcargo build --target x86_64-pc-windows-gnu(i think so)
- For defender_file_decryptor.exe - to decrypt quarantine file
defender_file_decryptor.exe <input_file> <output_file> - For defender_entries_decryptor.exe - to decrypt quarantine file entries
defender_entries_decryptor.exe <input_file> <output_file>
TBD
- v0.1 (09 Dec 2023): First version of the code.
MIT License. Copyright (c) 2023 Mohd Khairulazam. See License.