Research Article

An AI-Powered Heuristic Malware Repair System for Windows Defender Quarantine Recovery

by  Ashmit Sharma, Suman Kumar Mishra
journal cover
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 119
Published: June 2026
Authors: Ashmit Sharma, Suman Kumar Mishra
10.5120/ijcad02fc0b3c281
PDF

Ashmit Sharma, Suman Kumar Mishra . An AI-Powered Heuristic Malware Repair System for Windows Defender Quarantine Recovery. International Journal of Computer Applications. 187, 119 (June 2026), 24-30. DOI=10.5120/ijcad02fc0b3c281

                        @article{ 10.5120/ijcad02fc0b3c281,
                        author  = { Ashmit Sharma,Suman Kumar Mishra },
                        title   = { An AI-Powered Heuristic Malware Repair System for Windows Defender Quarantine Recovery },
                        journal = { International Journal of Computer Applications },
                        year    = { 2026 },
                        volume  = { 187 },
                        number  = { 119 },
                        pages   = { 24-30 },
                        doi     = { 10.5120/ijcad02fc0b3c281 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2026
                        %A Ashmit Sharma
                        %A Suman Kumar Mishra
                        %T An AI-Powered Heuristic Malware Repair System for Windows Defender Quarantine Recovery%T 
                        %J International Journal of Computer Applications
                        %V 187
                        %N 119
                        %P 24-30
                        %R 10.5120/ijcad02fc0b3c281
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

Antivirus software is essential for protecting computers, but it creates a common problem for all the users, when files are quarantined, users are directed in the frame of mind that the file that was quarantined was a malicious file that is nowhere going to get recovered , this creates an unjust stigma in the brain of any user. This paper presents an AI-Powered Heuristic Malware Repair System that automatically repairs quarantined files working side-by-side with existing antivirus software , i.e. Microsoft Defender, instead of simply removing them from the user’s sight. The system listens to the events of Windows Defender through Windows Management Instrumentation (WMI) event polling then detects quarantined files in a limited time frame, and applies file-type-specific repair algorithms for regular used in common formats: PDF, DOCX, XLSX, ZIP, and script files. These results have been tested in real-world scenarios using a mix of real malware samples (from the EMBER dataset) and varied test inputs of over hours demonstrated an overall recovery rate of 91.0% ,with zero false negatives across all regular documents that are being used in real life.

References
  • Rossow, C., Dietrich, C. J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., and Sticht, M. (2013). Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. IEEE Symposium on Security and Privacy, pp. 65–79.
  • Bayer, U., Comparetti, P. M., Hlauschek, C., Kruegel, C., and Kirda, E. (2009). Scalable, Behavior-Based Malware Clustering. Proceedings of the Network and Distributed System Security Symposium (NDSS 2009).
  • Mohaisen, A., Alrawi, O., and Mohaisen, M. (2015). AMAL: High-Fidelity, Behavior-Based Automated Malware Analysis and Classification. Computers & Security, Vol. 52, pp. 251–266.
  • Saxe, J., and Berlin, K. (2015). Deep Neural Network Based Malware Detection Using Two Dimensional Binary Program Features. Proceedings of the 10th International Conference on Malicious and Unwanted Software (MALWARE), IEEE.
  • Anderson, H. S., and Roth, P. (2018). EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. arXiv preprint arXiv:1804.04637. Available: https://arxiv.org/abs/1804.04637
  • Chen, L., Ye, Y., and Bourlai, T. (2022). Adversarial Machine Learning in Malware Detection: Arms Race Between Evasion Attack and Defense. Proceedings of the IEEE European Symposium on Security and Privacy Workshops.
  • Carmony, C., Han, X., Yin, H., Bhaskar, A. V., and Zhang, Y. (2016). Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. Proceedings of NDSS 2016, San Diego, CA.
  • Leder, F., and Werner, T. (2009). Know Your Enemy: Containing Conficker. The Honeynet Project Technical Report.
  • Demetrio, L., Biggio, B., Lagorio, G., Roli, F., and Armando, A. (2021). Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware. IEEE Transactions on Information Forensics and Security, Vol. 16, pp. 3469–3478.
  • Mohaisen, A., and Alrawi, O. (2013). AV-Meter: An Evaluation of Antivirus Scans and Labels. Lecture Notes in Computer Science, Detection of Intrusions and Malware & Vulnerability Assessment, Springer, pp. 112–131.
  • Ion, I., Reeder, R., and Consolvo, S. (2015). "...No One Can Hack My Mind": Comparing Expert and Non-Expert Security Practices. Proceedings of the Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), USENIX.
  • Microsoft Corporation. (2023). Windows Management Instrumentation (WMI) Overview and Security Event Monitoring. Microsoft Security Documentation, Microsoft Learn. Available: https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page
  • NIST SP 800-83 Rev. 1. (2022). Guide to Malware Incident Prevention and Handling for Desktops and Laptops. National Institute of Standards and Technology, U.S. Department of Commerce. Available: https://csrc.nist.gov/publications/detail/sp/800-83/rev-1/final
  • Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., and Nicholas, C. (2018). Malware Detection by Eating a Whole EXE. AAAI Workshops on Artificial Intelligence for Cyber Security (AICS).
  • Gibert, D., Mateu, C., and Planes, J. (2020). The Rise of Machine Learning for Detection and Classification of Malware: Research Developments, Trends and Challenges. Journal of Network and Computer Applications, Vol. 153, Article 102526.
  • Likarish, P., Jung, E., and Jo, I. (2009). Obfuscated Malicious JavaScript Detection Using Classification Techniques. 4th International Conference on Malicious and Unwanted Software (MALWARE 2009), IEEE.
  • Jordaney, R., Sharad, K., Dash, S. K., Wang, Z., Papini, D., Nouretdinov, I., and Cavallaro, L. (2017). Transcend: Detecting Concept Drift in Malware Classification Models. USENIX Security Symposium, pp. 625–642.
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

Malware Repair Windows Defender WMI Integration Heuristic Analysis File Recovery Quarantine Management Cybersecurity Automation

Powered by PhDFocusTM