unQuar - Tool for Analyzing and Extracting Files from Antivirus Quarantines

unQuar is a utility that gives you direct access to the contents of various antivirus quarantines. View, analyze, and safely extract files that antiviruses have isolated as potentially dangerous.

🔍 What Does unQuar Do?

• Automatically finds quarantines of popular antiviruses on all connected drives
• Analyzes quarantine contents without modifying the original data
• Safely extracts files with protection against accidental execution
• Verifies data integrity using checksums

🛡️ Safety First

• Read-only operation — unQuar never modifies the original quarantine files
• Protected extraction — files are saved with .infected extension or in password-protected ZIP archives

🎯 Who Is This Tool For?

unQuar is useful for:

• Cybersecurity professionals for incident analysis and false positive investigation
• System administrators to restore mistakenly blocked files
• Curious users wanting to understand how antiviruses work "under the hood"
• Forensic analysts examining drives from compromised systems

⚠️ Important Warning

Files in quarantine were isolated by antivirus as potentially dangerous. Extraction and use of such files should be done with extreme caution, only if you're confident in their safety or are conducting analysis in an isolated environment. unQuar is a tool for those who understand what they're doing. If you're unsure about extracting files from quarantine — you probably don't need to do it.

Download

The current version of unQuar is 1.26.3.9. The utility can be run on any version of Windows starting with Windows XP. It requires no installation or additional frameworks and is completely portable.

Documentation

How Quarantine Search Works

When launched, unQuar searches for antivirus quarantine files. The search is based exclusively on a predefined list of file paths. No deep system analysis is performed — if a quarantine is located in a non-standard directory, it will not be detected. In this case, please inform me about your configuration — I will add this path in the next version of the program.

unQuar scans all connected hard drives, not just the system partition. This allows analyzing quarantines on drives with non-functional systems — you can connect a drive from a system damaged by a virus attack and examine the quarantine for digital evidence.

Search Results

All detected quarantines are displayed as a list with:

• Name of the antivirus program (determined solely based on the file path)
• Physical location of the quarantine files

The antivirus name will in most cases be generic without specifying the exact edition or version.

The number of items in the list varies: some antiviruses store files in a single centralized directory, others create separate quarantine directories on each hard drive (each displayed as a separate item).

Quarantines from previously used but already uninstalled antivirus programs may be detected.

Analyzing Quarantine Contents

After selecting a quarantine from the list, unQuar begins analyzing its contents. The analysis duration depends on the type of antivirus program and the number of items in the quarantine. For each found object, the following is displayed:

• Original path before the object was quarantined
• Object type
• Date the object was quarantined
• Name of the virus detected in the object

In rare cases, not all information may be available due to specifics of the particular antivirus's data storage format.

Date Display Formats and Their Interpretation

• Date quarantined: 2023-10-05 14:30:00

The date the object was quarantined was recorded in the quarantine files in UTC format, but is displayed according to the system's current time zone.

• Date quarantined: 2023-10-05 14:30:00 (L)

The date was recorded in the quarantine files in local time and is displayed unchanged "as is". The letter L in parentheses indicates local time.

• Estimated date quarantined: 2023-10-05 14:30:00

The date the object was quarantined was not found in the quarantine files. As the date, the modification date of the quarantine file itself is displayed according to the system's current time zone.

Special Situations and Error Handling

Working with an Active Antivirus

If you open a quarantine from a running antivirus program, some quarantine files may be locked by the antivirus itself. In this case, unQuar will request permission to continue with elevated administrator privileges.

• If granted, locked files will be processed
• If denied, locked files will be skipped

A similar situation occurs if the antivirus program has set DACL (Discretionary Access Control List) permissions on the quarantine directory and its files that prevent regular users from opening them.

Errors During Quarantine Analysis

If errors occur during analysis, their list is displayed immediately after analysis completes.

Error types:

• "Physical" errors. Inability to open a file, data read errors. The program cannot do anything about these errors.
• "Logical" errors. Discrepancy between expected data and structures within quarantine files and the actual data. These errors can (and should) be fixed by improving parsing algorithms.

If you encounter logical errors, please send me the problematic files for analysis — this will allow me to fix the algorithms, and future versions of the program will work more correctly.

Operations with Quarantine Objects

Important principle: unQuar always opens files in read-only mode and never modifies the actual quarantine contents.

Available Actions:

Open report. Opens a window with a detailed text report about the selected quarantine object. The report contains all available information that unQuar was able to extract. Important Notes: detailed report functionality is available only in unQuar PRO.

Open VT report. Opens a browser page to VirusTotal.com with a report on the selected quarantine object. If the object hasn't been uploaded to VirusTotal before, the report will be empty.

Save as. Saves the selected quarantine object as a file for further analysis. Security measure: the file is saved with an additional .infected extension to prevent accidental execution and system infection.

Save PWD ZIP as. Saves the selected quarantine object as an encrypted ZIP file. Decryption password: "infected" (without quotes). Useful if the running antivirus immediately deletes extracted files. Allows safe file transfer via email for analysis.

Checksum Verification and Data Integrity

If quarantine files contain an object's checksum in their metadata, this checksum is verified against the actual checksum when performing any operation (saving, opening a report). In case of mismatch, a corresponding warning is displayed.

Why might checksums not match:

1. Technical issues (rare)
   • The antivirus program saved the checksum or the file itself incorrectly (unlikely)
   • A decoding error occurred within unQuar
2. Checksum refers to an embedded object

Some antivirus programs (e.g., 360 Total Security) don't hash the entire file - they hash only the embedded object they detected as malicious, while storing the full container file in quarantine.

Example: when scanning Dharma.exe, the antivirus detects a threat inside embedded object EVER\1saas\1sass.exe. It stores:

• The full Dharma.exe file in quarantine
• The checksum of only the embedded 1sass.exe in the metadata

Result: the checksum of the full file won't match the stored checksum - even though everything was stored correctly.

In most cases, if the checksums don't match, you can view the object's text report and see an explanation in the raw data. For the example case, you might see the following lines in the raw data:

@208: E:\Ransomware\Dharma.exe=>EVER\1saas\1sass.exe
@209: E:\Ransomware\Dharma.exe

List of supported antivirus programs

unQuar can extract objects from quarantines of the following antivirus programs (names and file paths where the utility searches for quarantine files):

1. 360 Total Security (c) Beijing Qihu Keji Co. Ltd.: 360safe.Summary.dat + .q3q files, .vir files
   • %DRIVE%:\$360Section
   • %DRIVE%:\360Rec
2. Acronis (c) Acronis International GmbH: .zip files
   • %PROGRAMDATA%\Acronis\NGMP\quarantine
3. Adlice Diag (c) Adlice Software: .meta files + .vir files
   • %PROGRAMDATA%\ADiag\quarantine
4. Adlice Protect (RogueKiller) (c) Adlice Software: .meta files + .vir files
   • %PROGRAMDATA%\RogueKiller\quarantine
5. Advanced System Protector (c) Systweak Software: QDetail.db + ._qt_ files
   • %APPDATA%\Systweak\Advanced System Protector\Quarantine
6. AhnLab (c) AhnLab, Inc.: quarantine files (magic "kp"\0x01\0x01"AhnLab Quarantine Data File"), .V3B files (magic "AhnLab Inc. 2006")
   • %PROGRAMFILES%\AhnLab\V3Lite40\Quarantine
   • %PROGRAMFILES%\AhnLab\V3IS90\Quarantine
   • %PROGRAMFILES%\AhnLab\V3IS80\Backup\V3B
   • %PROGRAMFILES%\AhnLab\V3IS2007\Backup\V3B
7. ALYac (c) ESTsecurity Corp: .aqi files + .ayq files (magic "AYCFS")
   • %PROGRAMDATA%\ESTsoft\ALYac\quarantine
   • %PROGRAMDATA%\ESTsoft\ALYac\collect
8. Amiti Antivirus (c) NETGATE Technologies s.r.o.: .ifc files
   • %APPDATA%\Amiti Antivirus\Cage
9. Arcabit (c) Arcabit: .aqv files
   • %PROGRAMDATA%\Arcabit\quarantine
10. Ashampoo Anti-Virus (c) Ashampoo GmbH & Co. KG: .EQF files (magic \0xF0\0xD9\0x86\0xA7\0xB1\0xEE\0xD9\0x47\0xB9\0xD4\0x58\0x14\0x65\0x6E\0x02\0x70)
    • %PROGRAMFILES%\Ashampoo\Ashampoo Anti-Virus\Quarantine
11. AulapG (c) Fajar Anggiawan: quarantine.ini + data files
    • %LOCALAPPDATA%\AulapG\Quarantine
12. Auslogics Anti-Malware (c) Auslogics Labs Pty Ltd: .info files + .quarantine files
    • %DRIVE%:\anti-malware.quarantine
13. Avast (c) Gen Digital Inc.: vault.db + .dat files, index.xml + data files
    • %DRIVE%:\$AV_ASW\$VAULT
    • %PROGRAMDATA%\AVAST Software\Avast\$AV_ASW\$VAULT
    • %PROGRAMDATA%\AVAST Software\Avast\chest
14. AVG (c) Gen Digital Inc.: vault.db + .dat files, index.xml + data files
    • %DRIVE%:\$AV_AVG\$VAULT
    • %PROGRAMDATA%\AVG\Antivirus\$AV_AVG\$VAULT
    • %PROGRAMDATA%\AVG\Antivirus\chest
15. Avira Antivirus (c) Avira Operations GmbH.: .qua files (magic "AntiVir Qua")
    • %PROGRAMDATA%\Avira\Antivirus\INFECTED
    • %PROGRAMDATA%\Avira\AntiVir Desktop\INFECTED
    • %PROGRAMDATA%\Avira\AntiVir PersonalEdition Classic\INFECTED
    • %PROGRAMDATA%\AntiVir PersonalEdition Classic\INFECTED
16. Avira Security (c) Avira Operations GmbH.: .qua files
    • %PROGRAMDATA%\Avira\Endpoint Protection SDK\quarantine
17. Baidu Antivirus (c) Baidu: .qv files
    • %PROGRAMFILES%\Baidu Security\Baidu Antivirus\%VERSION%\qv
18. BitDefender (c) Bitdefender: .dat files + .bdq files
    • %PROGRAMDATA%\Bitdefender\Desktop\Quarantine
    • %PROGRAMDATA%\Bitdefender\Desktop\QuarantineBackup
19. CMC Antivirus (c) CMC Cyber Security: .cmc files (magic "CMC Quarantined Malware")
    • %PROGRAMFILES%\CMC\Antivirus\JAIL
20. Combo Cleaner (c) RCS LT: .dat files + .bdq files
    • %PROGRAMFILES%\Combo Cleaner\quarantine
21. Comodo (c) Comodo Security Solutions, Inc.: [{GUID}.info files] + {GUID} files
    • %PROGRAMDATA%\Comodo\Cis\Quarantine\data
    • %DRIVE%:\CCE_Quarantine
22. C-Prot/Chomar (c) C-Prot UK: Chomar.db + .7z files
    • %PROGRAMDATA%\CHOMAR\Antivirus\Quarantine
    • %PROGRAMDATA%\CHOMAR\Internet Security\Quarantine
23. CybeeAI (c) Cybee.ai: data files
    • %PROGRAMFILES%\CybeeAI\Quarantine
24. CyberLock (c) VoodooSoft, LLC: quarantine.db + .voo files
    • %PROGRAMDATA%\CyberLock\Quarantine
25. Dr.Web/Dr.Web CureIt! (c) Doctor Web: .met files + data files
    • %DRIVE%:\DrWeb Quarantine
    • %USERPROFILE%\Doctor Web\CureIt Quarantine
26. Emsisoft (c) Emsisoft: .EQF files (magic \0xF0\0xD9\0x86\0xA7\0xB1\0xEE\0xD9\0x47\0xB9\0xD4\0x58\0x14\0x65\0x6E\0x02\0x70)
    • %PROGRAMFILES%\Emsisoft Internet Security\Quarantine
    • %PROGRAMFILES%\Emsisoft Anti-Malware\Quarantine
    • %DRIVE%:\EEK\Quarantine
27. eScan (c) MicroWorld Technologies Inc.: .vir files
    • %PROGRAMFILES%\eScan\INFECTED
28. ESET (c) ESET: .NDF files (magic "FQDF"/"EQDF") + .NAF files
    • %SYSTEM32%\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine
    • %SYSTEM32%\config\systemprofile\AppData\Local\ESET\ESET Security\Quarantine
    • %SYSTEM32%\config\systemprofile\AppData\Local\ESET\ESET Endpoint Antivirus\Quarantine
    • %LOCALAPPDATA%\ESET\ESET NOD32 Antivirus\Quarantine
    • %LOCALAPPDATA%\ESET\ESET Security\Quarantine
    • %LOCALAPPDATA%\ESET\ESET Endpoint Antivirus\Quarantine
    • %LOCALAPPDATA%\ESET\ESETOnlineScanner\Quarantine
29. FortiClient (c) Fortinet, Inc.: quarantine files (magic "QUARF")
    • %PROGRAMFILES%\Fortinet\FortiClient\quarantine
30. F-Prot (c) FRISK Software: quarantine files (magic "KSS")
    • %PROGRAMDATA%\FRISK Software\F-PROT Antivirus for Windows\fq
31. F-Secure (c) F-Secure: .qua files
    • %PROGRAMDATA%\Endpoint Protection SDK\quarantine
32. G Data (c) G DATA CyberDefense AG: .q files (magic \xCA\xFE\xBA\xBE)
    • %PROGRAMDATA%\G DATA\AVK\Quarantine
    • %PROGRAMDATA%\G DATA\AntiVirusKit Client\Quarantine
    • %PROGRAMDATA%\G DATA\AntiVirus ManagementServer\Quarantine
33. Gridinsoft Anti-Malware (c) Gridinsoft LLC: .info files + .zip files
    • %PROGRAMDATA%\GridinSoft\Anti-Malware\storage
34. Heimdal Next-Gen Antivirus (c) Heimdal
    • %PROGRAMDATA%\Microsoft\Windows Defender\Quarantine (not a mistake, Heimdal is actually using Windows Defender's quarantine)
35. HitmanPro (c) Sophos: quarantine.xml + GUID files [metadata only]
    • %PROGRAMDATA%\HitmanPro\Quarantine
36. Huawei HiSec Endpoint (c) Huawei Technologies Co., Ltd: quarantineDb.db + .QKYun files
    • %PROGRAMDATA%\EDR-Agent\Quarantine
37. Huorong Internet Security (c) Beijing Huorong Network Technology Co., Ltd.: QuarantineEx.db + quarantine files (magic "YPPY")
    • %PROGRAMDATA%\Huorong\Sysdiag\Quarantine
38. Intego (c) Intego: quarantine.dbiav + .iav files
    • %PROGRAMDATA%\Intego\quarantine
39. IObit Advanced SystemCare Ultimate (c) IObit: .dat files + .bdq files
    • %PROGRAMFILES%\IObit\Advanced SystemCare Ultimate\Antivirus\BackupRec
40. IObit Malware Fighter (c) IObit: .dat files + .bdq files
    • %PROGRAMFILES%\IObit\IObit Malware Fighter\Quarantine
41. K7 Antivirus (c) K7 Computing Pvt Ltd.: .qnt files (magic "K7Qt")
    • %PROGRAMDATA%\K7 Computing\K7TSecurity\K7AntiVirus\Quarantine
42. Kaspersky (c) AO Kaspersky Lab: .klq files (magic "KLQB")
    • %PROGRAMDATA%\Kaspersky Lab\%PRODUCTNAME%\QB
    • %PROGRAMDATA%\Kaspersky Lab\%PRODUCTNAME%\Quarantine
    • %PROGRAMDATA%\Kaspersky Lab\%PRODUCTNAME%\Backup
    • %DRIVE%:\KVRT2020_Data\Quarantine
43. Loaris Trojan Remover (c) Loaris Cybersecurity Inc.: .info files + .zip files
    • %PROGRAMDATA%\Loaris\Trojan Remover\storage
44. Malware Hunter (c) Glarysoft: .quq files
    • %DRIVE%:\$GlaryQuarantine
45. Malwarebytes (c) Malwarebytes: .data files + .quar files
    • %PROGRAMDATA%\Malwarebytes\MBAMService\Quarantine
    • %PROGRAMDATA%\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
    • %PROGRAMDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
    • %APPDATA%\Malwarebytes\MBAMService\Quarantine
    • %APPDATA%\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
    • %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
46. McAfee (c) McAfee, LLC: .bup files (magic \0xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1)
    • %PROGRAMDATA%\McAfee\VirusScan\Quarantine
    • %DRIVE%:\QUARANTINE
47. Micropoint AntiVirus Software (c) Micropoint Corp.: mp100094.mpl + .dat files
    • %PROGRAMFILES%\MPAV\MP14
48. Microsoft Security Essentials (c) Microsoft
    • %PROGRAMDATA%\Microsoft\Microsoft Antimalware\Quarantine
49. mks_vir (c) mks_vir Sp. z o.o.: .aqv files
    • %PROGRAMDATA%\mks_vir\quarantine
50. NANO Antivirus (c) NANO Security: {9B7D1980-V004-*} files (magic \0x01\x0F\x13\xAE)
    • %PROGRAMDATA%\nanoav
51. NGAV (c) MSecure® Data Labs: .q files + .q00 files
    • %PROGRAMFILES%\NGAV Smart Security Anti-Malware\q
    • %PROGRAMFILES%\NGAV-NetGuardian\q
52. Norton (c) Gen Digital Inc.: .qbi files + .qbd files
    • %PROGRAMDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\%VERSION%\QBackup
53. Norton 360 (c) Gen Digital Inc.: vault.db + .dat files, index.xml + data files
    • %DRIVE%:\$AV_NLL\$VAULT
    • %PROGRAMDATA%\Norton\Antivirus\$AV_NLL\$VAULT
    • %PROGRAMDATA%\Norton\Antivirus\chest
54. OmniDefender (c) OmniDefender: .json files + .zz files
    • %PROGRAMFILES%\OmniDefender\Quarantine
55. Panda (c) Panda Security: GUID files
    • %PROGRAMDATA%\Panda Security\Panda Security Protection\Quarantine
56. PC Doctor (c) MSecure® Data Labs: .q files + .q00 files
    • %PROGRAMDATA%\AVHome\Q
57. Priil Internet Security (c) Priil Ltd: threatinfo.json + .vir files, .info files + .qfile files
    • %PROGRAMDATA%\Priil Internet Security\QuarantiedFiles
58. Protegent (c) Unistal Systems Pvt. Ltd.: .q files + .q00 files
    • %PROGRAMDATA%\PGHome\Q
59. Quick Heal (c) Quick Heal Technologies Limited: quarfun.db + data files
    • %PROGRAMFILES%\Quick Heal\Quick Heal Total Security\QUARANTINE
    • %PROGRAMFILES%\Quick Heal\Quick Heal Internet Security\QUARANTINE
    • %PROGRAMFILES%\Quick Heal\Quick Heal AntiVirus Pro\QUARANTINE
    • %PROGRAMFILES%\Quick Heal\Quick Heal IS Essentials\QUARANTINE
60. REVE Antivirus (c) REVE Antivirus: .dat files + .bdq files
    • %PROGRAMDATA%\REVE Antivirus\Common\Quar
61. Rising Antivirus (c) Beijing Rising Information Technology Co., Ltd.: .bin files (magic \0x4D\0x65\0xBC\0x02)
    • %DRIVE%:\RavBin
62. SecureAPlus/CatchPulse (c) SecureAge Technology: AntiVirus.db + .qr2 files
    • %PROGRAMDATA%\SecureAge Technology\SecureAge\AntiVirus\Quarantine
63. Shield Antivirus (c) ShieldApps Software Innovations: .qua files
    • %PROGRAMDATA%\Endpoint Protection SDK\quarantine
64. SiriusGPT (c) VoodooSoft, LLC: quarantine.db + .gpt files
    • %PROGRAMDATA%\SiriusGPT\Quarantine
65. SiyanoAV (c) Siyano Labs Pvt. Ltd.: threatinfo.json + .info files + .qfile files
    • %PROGRAMDATA%\SiyanoAV Antivirus Pro\QuarantiedFiles
    • %PROGRAMDATA%\SiyanoAV Internet Security\QuarantiedFiles
    • %PROGRAMDATA%\SiyanoAV Total Security\QuarantiedFiles
66. SMADAV (c) Smadsoft: .dav files (magic "Dav!")
    • %DRIVE%:\[Smad-Cage]
67. Spy Emergency (c) NETGATE Technologies s.r.o.: .ifc files
    • %APPDATA%\Spy Emergency\Cage
68. Spybot - Search & Destroy (c) Safer-Networking Ltd.: .zip files
    • %PROGRAMDATA%\Spybot - Search & Destroy\Quarantine
69. SUPERAntiSpyware (c) RealDefense LLC: quarantine.db
    • %APPDATA%\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine
70. Symantec (c) Broadcom: .vbn files
    • %PROGRAMDATA%\Symantec\Symantec Endpoint Protection\%VERSION%\Data\Quarantine
71. Systweak Antivirus (c) Systweak Software: .qua files
    • %PROGRAMDATA%\Systweak\Systweak Antivirus\Endpoint Protection SDK\quarantine
72. T9 Antivirus (c) Tweaking Technologies: .qua files
    • %PROGRAMDATA%\Tweaking\T9 Antivirus\Endpoint Protection SDK\quarantine
73. TACHYON Internet Security (c) INCA Internet Corporation: Name_GUID files
    • %PROGRAMDATA%\TACHYON\T6\quarantine\Backup
    • %PROGRAMFILES%\Common Files\TACHYON\T5\Quarantine\Backup
74. Tencent PC Manager (c) Tencent: virusclean.db + data files
    • %PROGRAMDATA%\Tencent\QQPCMgr\Quarantine
75. Total Defence (c) Total Defense LLC: .dat files + .bdq files
    • %PROGRAMFILES%\TotalDefense\Suite\Anti-Virus\Quarantine
76. TotalAV (c) Total Security US LLC: .qh files + .dat files
    • %PROGRAMDATA%\SecuritySuite\Quarantine
77. Trellix Stinger (c) Musarubra US LLC: .zip files
    • %DRIVE%:\Quarantine\Stinger\quarantine
78. Trend Micro (c) Trend Micro Incorporated: quarantine files (magic \0xA9\0xAC\0xBD\0xA7)
    • %PROGRAMDATA%\Trend Micro\AMSP\quarantine
    • %PROGRAMFILES%\Trend Micro\HouseCall\log
79. Twister Antivirus (c) Filseclab Corporation: .TBI files (magic "Twister Quarantine File")
    • %PROGRAMFILES%\Filseclab\Twister\quarantine
80. Vipre (c) VIPRE Security Group, Inc.: QR{GUID}NNNNNNNN.xml files + {GUID}_ENC2 files + .dat files + .bdq files
    • %PROGRAMDATA%\VIPRE\Quarantine
81. Vir.IT eXplorer (c) TG Soft S.r.l.: .lst files + .cr2 files
    • %PROGRAMDATA%\viritlite\BACKUP
82. ViRobot Security (c) Hauri, Inc.: .vsq files
    • %PROGRAMDATA%\Hauri\ViRobot Security\Backup
83. VirusChaser (c) SGA EPS Co., Ltd.: VC90.db/VC100.db + .vir files
    • %PROGRAMFILES%\Virus Chaser\VC90\Backup
    • %PROGRAMFILES%\Virus Chaser\VC100\VCBack\VirBack
84. VIRUSfighter/SPYWAREfighter (c) SPAMfighter: data files
    • %PROGRAMDATA%\Common Toolkit Suite\AVEngine\Quarantine
85. Watchdog Anti-Malware (c) Watchdog Development: info + file
    • %LOCALAPPDATA%\WAMSDK\Quarantine
86. Watchdog Anti-Virus (c) Watchdog Development: info.json + file
    • %LOCALAPPDATA%\WSDK\Quarantine
87. Webroot (c) Open Text Corporation: dbl.db + .dat files
    • %PROGRAMDATA%\WRData\qrnexl
88. Windows Defender (c) Microsoft
    • %PROGRAMDATA%\Microsoft\Windows Defender\Quarantine
89. WinZip Malware Protector (c) WinZip Computing: QDetail.db + ._qt_ files
    • %APPDATA%\Nico Mak Computing\WinZip Malware Protector\Quarantine
90. WiseVector StopX (c) Beijing Zhilang Technology Co., Ltd.
    • %PROGRAMFILES%\WiseVector\qua
91. X-Sec Malware Scanner (c) X-Sec: .bin files
    • %DRIVE%:\X-Sec_Malware_Scanner_x64\Quarantine
    • %DRIVE%:\X-Sec_Malware_Scanner_x86\Quarantine
92. Xvirus Anti-Malware (c) Xvirus: quarantinedata.xdb + .infected files
    • %PROGRAMFILES%\Xvirus Anti-Malware\quarantine
93. Zillya (c) ALLIT Service LLC.: .avqr files (magic "ZAVQUAR", "ZISQUAR", "ZTSQUAR"), .zqr files (magic "ZAVQUAR")
    • %DRIVE%:\ZAV.QUAR
    • %DRIVE%:\ZIL.QUAR
    • %DRIVE%:\ZIS.QUAR
    • %DRIVE%:\ZTS.QUAR
94. ZoneAlarm (c) Check Point: GUID files
    • %PROGRAMDATA%\CheckPoint\Endpoint Security\Remediation\Quarantine

FAQ:

Q: Why is the list of supported antiviruses so short, and why is [Antivirus Name] not on it?
A: Several factors limit the list:

1. Encryption: The vast majority of modern antiviruses use strong encryption for quarantined files. Recent encryption methods have become too complex for reliable decryption without official documentation.
2. Technical Complexity: Full reverse-engineering of proprietary quarantine formats requires significant expertise and time, which is not always feasible.
3. Availability: Some antiviruses do not offer a trial version for testing, and corporate-grade security products are generally inaccessible for development purposes.

Q: What does the note "[metadata only]" mean?
A: This note indicates that the quarantine's encryption method is currently unknown. The utility can only extract an object's metadata but not the original file.

Q: My antivirus [Antivirus Name] stores its quarantine in [Dir Name], but this path is not in your list, and the utility cannot find it. How can I fix this?
A: The default search paths may not cover all possible custom installations. Please email me the details of your setup (antivirus name, version, and full path to the quarantine folder), and I will add this directory to the search list in the next update.

Q: I know the quarantine format/encryption method for [Antivirus Name]. If I share this information, can you add full support for it to the utility?
A: Yes, absolutely. I welcome community contributions. If you can provide a detailed description, and especially sample files (if possible), please contact me via email. I will be glad to implement full support for that quarantine in a future release.

Contacts

You can contact me by email at da[@]unquar[.]com.

unQuar (c) Denis Anisimov 2026