Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Quarantine


  • Please log in to reply
10 replies to this topic

#1 patbox

patbox

  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:40 PM

Posted 07 March 2009 - 05:48 PM

This is a very simple questions, but does Quarantine exactly mean? When I scan my PC and it finds some virus or malware it gives me options like Delete, Deny, Move to Quarantine. So I move it to Quarantine. And then life goes as normal. So what does the Quarantine stuff do exactly?
Message from Patbox: I AM LOOKING FOR A GIRLFRIEND (PM if interested) :-)

BC AdBot (Login to Remove)

 


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:40 PM

Posted 07 March 2009 - 06:02 PM

Quarantine moves the file to an area where it cannot be used and cause any harm to your system. I believe it is there in case it turns out that it was a false positive and the file is one that you need for your system. If it is something that you need, you can unquarantine it which will put it back in its original location. I never let a file remain in quarantine, I investigate the file and if I deem it unfit to be on my system, I just have the item deleted. If the program doesn't give me the option of deleting it immediately and just puts it in quarantine, I delete it from the quarantine file. My antivirus program gives me the option of repairing so if it is a system file that gets flagged, I might try repairing it first and if that doesnt work, I might put it in quarantine until I reboot and find out if I needed the file. I have been very lucky and have not really had to make that decision yet.

#3 patbox

patbox
  • Topic Starter

  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:40 PM

Posted 07 March 2009 - 06:52 PM

So quarantine is like a folder where this stuff is all put?

Is it deleted from its original location and put to this special folder?
Message from Patbox: I AM LOOKING FOR A GIRLFRIEND (PM if interested) :-)

#4 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:40 PM

Posted 07 March 2009 - 07:01 PM

I believe that is correct

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:40 PM

Posted 07 March 2009 - 07:03 PM

Hello.

So quarantine is like a folder where this stuff is all put?

Yes, basically that's what it does.

Is it deleted from its original location and put to this special folder?

No. It does not get deleted. It just moves the infection from it's current location to the Quarantine folder. In that folder the infection can not run or install itself. Sometimes the malware file's extensions gets changed to a .vir to prevent you from accidentally running it.. If you want to remove them you will need to manually click the "Delete" button.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 patbox

patbox
  • Topic Starter

  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:40 PM

Posted 07 March 2009 - 07:54 PM

No. It does not get deleted. It just moves the infection from it's current location to the Quarantine folder. In that folder the infection can not run or install itself. Sometimes the malware file's extensions gets changed to a .vir to prevent you from accidentally running it.. If you want to remove them you will need to manually click the "Delete" button.


But the only prevention for the quarantine files to run, is different location. That is it. If another virus finds this folder, it could start executing all files there happily.

Like imagine an virus, that only job is to find the quarantine folder and execute all files there. I have like 20 files in quarantine. That would be a nice mess :-D
Message from Patbox: I AM LOOKING FOR A GIRLFRIEND (PM if interested) :-)

#7 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:40 PM

Posted 07 March 2009 - 07:59 PM

Usually once it is in the quarantine folder it is disabled from running under any circumstance but if your system is running fine after you rebooted after those were put in quarantine, I see no reason to leave them there. Personally, I would delete (delete, NOT restore) them from the quarantine list

Edited by Stang777, 07 March 2009 - 08:01 PM.


#8 patbox

patbox
  • Topic Starter

  • Members
  • 456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:40 PM

Posted 07 March 2009 - 08:06 PM

Usually once it is in the quarantine folder it is disabled from running under any circumstance but if your system is running fine after you rebooted after those were put in quarantine, I see no reason to leave them there. Personally, I would delete (delete, NOT restore) them from the quarantine list


OK, but how is it disabled for running? Just by putting it to a different folder, it does not disable something from running.

Extreme boy suggested, that the extension is changed to something like .vir

OK but my cool virus, would find a file in quarantine folder, change it to .exe and run it. So I guess there is a different way to disable files from running.

---

The two reasons I do not delete the quarantine folder are:

a. I do not know where it is located.

b. I usually do not run all my 100 installed application every day. Some applications I run once a month or even once year. So, I would never know if the apps are affected until I run them all.

Edited by patbox, 07 March 2009 - 08:07 PM.

Message from Patbox: I AM LOOKING FOR A GIRLFRIEND (PM if interested) :-)

#9 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:40 PM

Posted 07 March 2009 - 08:59 PM

To delete them from quarantine, you do not need to find the quarantine folder and I recommend you do not even try. Just open the program that quarantined them, open the quarantine section and delete them from there.

Chances are those files had nothing to do with any of the programs on your system so I really would not worry about deleting them. It is usually only operating system files that are questionable to remove and obviously your operating system is running just fine without them. You would probably do way more damage to your system if you restored those files than if you deleted them. If you really are worried about them being from one of your programs, take half an hour and open every program on your system. I suspect they will all open up just fine and if they do not, I still would not restore a file from quarantine, I would just reinstall the program or do without it.

My personal belief is once a file is quarantined, it should be deleted. But that is just my opinion.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:40 PM

Posted 07 March 2009 - 09:35 PM

Hello.

My personal belief is once a file is quarantined, it should be deleted. But that is just my opinion.

That is not always necessarily true. Sometimes AV can have false-positives and it should not always be removed. There are many malware related tools that get flagged as malicious files. Avira flags many tools we used commonly such as "flash-drive disinfector" or "Smitfraudfix".

A while back ago (a few months) AVG had a very major problem that quarantined one of the windows logon process and therefore people who ran a scan during that time could no longer boot into Windows anymore after reboot. That's why you shouldn't delete something just because it was quarantined. If you can confirm it is "bad" and removing it will not cause any "ill-effects" then do it. Otherwise, leave it as is and once you have confirmed it's safe to remove and you have remove any other things that may cause trouble for you if you remove that file, then deleting it would be fine.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:40 PM

Posted 07 March 2009 - 10:03 PM

A while back ago (a few months) AVG had a very major problem that quarantined one of the windows logon process and therefore people who ran a scan during that time could no longer boot into Windows anymore after reboot. That's why you shouldn't delete something just because it was quarantined. If you can confirm it is "bad" and removing it will not cause any "ill-effects" then do it. Otherwise, leave it as is and once you have confirmed it's safe to remove and you have remove any other things that may cause trouble for you if you remove that file, then deleting it would be fine.

With Regards,
Extremeboy


That is why I had previously stated "if your system is running fine after you rebooted after those were put in quarantine, I see no reason to leave them there." Since I had already made references to investigating the file and rebooting and making sure your system is running fine after they were put in quarantine, I figured it was clear that that should be done when I said "My personal belief is once a file is quarantined, it should be deleted." But apparently it was not clear, my apologies.

Edited by Stang777, 07 March 2009 - 10:13 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users