Event ID 1010 — Microsoft Antimalware Engine Spyware Removal
Applies To: Windows Server 2008
.jpg)
During a Windows Defender scan, the Microsoft Antimalware Engine quarantines or removes any spyware or potentially unwanted software detected on the computer. When spyware or other potentially unwanted software is quarantined, it is moved to an isolated folder on the computer.
As new definitions are released, items in quarantine can be scanned again to see if the spyware or other potentially unwanted software can be cleaned and released from quarantine. When spyware or other potentially unwanted software is removed, it is deleted from the computer.
Event Details
| Product: | Windows Defender |
| ID: | 1010 |
| Source: | Microsoft-Windows-Windows Defender |
| Version: | 1.1 |
| Symbolic Name: | MALWAREPROTECTION_QUARANTINE_RESTORE_FAILED |
| Message: | %1 has encountered an error trying to restore an item from quarantine. For more information please see the following: %15 %tName:%b%11 %tID:%b%12 %tSeverity ID:%b%13 %tCategory ID:%b%14 %tUser:%b%8\%9 %tError Code:%b%3 %tError description:%b%4 |
Resolve
Scan the computer by using Windows Defender
If spyware or other potentially unwanted software was removed from the computer after a Windows Defender scan, but before Windows Defender took any action taken on it, the file cannot be quarantined because it no longer exists on the computer. To ensure that the spyware or other potentially unwanted software was removed, you should do a full scan of the computer again by using Windows Defender.
To perform this procedure, you must be a member of the Users group, or you must have been delegated the appropriate authority.
To scan the computer by using Windows Defender:
- Click Start, point to All Programs, and then click Windows Defender.
- Click the down arrow next to Scan, and then click Full Scan.
Verify
When Windows Defender takes an action on spyware or other potentially unwanted software, an entry is created in the Windows Defender History. To verify that the spyware or other potentially unwanted software was successfully removed from your computer, you should verify that an entry was created in the Windows Defender History and that the appropriate action was taken.
To perform this procedure, you must be a member of the Users group, or you must have been delegated the appropriate authority.
To verify that the spyware or other potentially unwanted software was successfully removed:
- Click Start, point to All Programs, and then click Windows Defender.
- Click History.
- Under Programs and Actions, verify that the Action Taken column says Remove.
- Verify that the Status column says Succeeded.
- Close Windows Defender.
Note: If you clicked Ignore or Always Allow for the action in the Windows Defender alert, the Action Taken column will display either Ignore or Always Allow.