Kaspersky Endpoint Security 12 for Windows

RESTORE. Restoring files from Quarantine

25 April 2024

ID 215844

You can restore a file from Quarantine to its original folder. Quarantine is a special local storage on the computer. The user can quarantine files that the user considers dangerous for the computer. Quarantined files are stored in an encrypted state and do not threaten the security of the device. Kaspersky Endpoint Security uses Quarantine only when working with Detection and Response solutions: EDR Optimum, EDR Expert, KATA (EDR), Kaspersky Sandbox. In other cases Kaspersky Endpoint Security places the relevant file in Backup. For details on managing Quarantine as part of solutions, please refer to the Kaspersky Sandbox Help, Kaspersky Endpoint Detection and Response Optimum Help, and Kaspersky Endpoint Detection and Response Expert Help, Kaspersky Anti Targeted Attack Platform Help.

To execute this command, Password protection must be enabled. The user must have the Restore from Backup permission.

The object is quarantined under the system account (SYSTEM).

Restoring files from Quarantine involves the following special considerations:

  • If the destination folder has been deleted or the user does not have access rights to that folder, the application places the file in the %DataRoot%\QB\Restored folder. Then you must manually move the file to the destination folder.
  • The application treats the name of the file being restored as case sensitive. If you do not observe the case when entering the file name, the application does not restore the file.
  • If the destination folder already has a file with the same name, the application cancels the restoration of the file.
  • If you are using the KATA (EDR) solution, the application saves a copy of the file in Quarantine after restoring the file. You can clear the Quarantine manually. For EDR Optimum and EDR Expert solutions, the application deletes the file after restoration.

Command syntax

avp.com RESTORE [/REPLACE] <file name> /login=<user name> /password=<password>

Advanced settings



Overwrite an existing file.

<file name>

The name of the file to be restored.



/login=<user name> /password=<password>

User account credentials with the required Password protection permissions.


avp.com RESTORE /REPLACE true_file.txt /login=KLAdmin /password=!Password1

Command return values:

  • -1 means the command is not supported by the version of the application that is installed on the computer.
  • 0 means the command was executed successfully.
  • 1 means a mandatory argument was not passed to the command.
  • 2 means a general error occurred.
  • 4 means there was a syntax error.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.