A Generic Potentially Unwanted Program (PUP) detection is a very broad threat category that can include any number of different programs, including those which are benign as well as malicious. Certain embedded files that are part of legitimate programs may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case.
Some programs falling into the PUP category have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When such a program is flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In many cases such detections can be a "False Positive". Since these detections do not necessarily mean the file is malware or a bad program, you need to investigate further if you are not familiar with them.
When an anti-virus or security program quarantines a file by renaming and moving it into a virus vault (chest) or a dedicated quarantine folder, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and is no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before it does any harm to your system. The disadvantage of using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Quarantining also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time, usually by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete. If it was a false positive, then you can choose the option to restore the file.
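As an added illustration (not from the original text or from any anti-virus product), the Python sketch below walks through the quarantine, restore and delete cycle described above. The vault layout, file naming and function names are assumptions made for the example; real products use their own formats.

```python
# Illustrative sketch only: the vault layout and all names here are assumptions.
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def quarantine(path, vault):
    """Rename and move a flagged file into the vault; record where it came from."""
    src, vault = Path(path).resolve(), Path(vault)
    vault.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    held = vault / (digest + ".quarantined")  # original name and extension are gone
    shutil.move(str(src), str(held))
    os.chmod(held, 0o600)                     # no execute bit while it is held
    meta = json.dumps({"original_path": str(src), "sha256": digest})
    (vault / (digest + ".json")).write_text(meta)
    return digest


def restore(entry_id, vault):
    """False positive: check the held file is unchanged, then move it back."""
    vault = Path(vault)
    record = json.loads((vault / (entry_id + ".json")).read_text())
    held = vault / (entry_id + ".quarantined")
    if hashlib.sha256(held.read_bytes()).hexdigest() != record["sha256"]:
        raise ValueError("quarantined file was modified; refusing to restore")
    shutil.move(str(held), record["original_path"])
    (vault / (entry_id + ".json")).unlink()
    return record["original_path"]


def delete(entry_id, vault):
    """Known malicious: remove the held file and its record for good."""
    for suffix in (".quarantined", ".json"):
        (Path(vault) / (entry_id + suffix)).unlink()


def demo():
    """Quarantine then restore a constructed, harmless sample file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "admin_tool.exe"  # constructed sample, harmless bytes
        sample.write_bytes(b"constructed sample, not a real program")
        vault = Path(tmp) / "vault"
        entry = quarantine(sample, vault)
        gone = not sample.exists()             # file no longer at its original path
        back = Path(restore(entry, vault))
        return gone, back.exists(), back.name
```

The file is only moved and renamed, so it stays available for inspection or restoration until `delete` is called.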
Anytime you come across a suspicious file which you cannot find any information about, or you want a second opinion, submit it to Jotti's virusscan. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
You can also get a second opinion for your entire system by performing an Online Virus Scan