Deleted threats in System Restore


I’ve been watching a YouTube test of CIS 5.9

After scanning a folder with malware the reviewer deleted the quarantined files (minute 15 of the video).
Further along (minute 22.15) a computer scan found all those threats in Windows System Restore.
Could someone explain? Is it a bug?


It’s not a bug. System restore does not distinguish between malware and normal programs. Therefor it is possible that malware gets stored in System Restore.

Thanks for the answer Eric.
But, shouldn’t the malware have been definitely erased?
As I understand this situation is a one-off; I did some tests of my own after watching the video and couldn’t reproduce it.
Anyway, no big worry I suppose.

With default Windows settings it is not possible to access the contents of the System Restore folders. It is possible to open access to System Restore folders though: .