When an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename, encrypt and password protect the file as part of the moving process, as Didier Stevens explained.
Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. One reason for doing this is to prevent deletion of a legitimate file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.
Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them as a threat while in the quarantined area so don't be alarmed if you see such an alert. Just delete the quarantined items after confirming they are malware and subsequent scans should no longer detect them.
Edited by quietman7, 18 January 2011 - 02:20 PM.
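
The copy, rename and encode steps and the restore path for a false positive, as an added illustration that is not part of the original post and not any vendor's actual routine. The single-byte XOR key, the `.qtn` extension and the JSON sidecar are assumptions made for the sketch; real products use their own proprietary formats.

```python
import hashlib, json, os, tempfile
from pathlib import Path

XOR_KEY = 0x5A  # constructed key for this sketch; not any product's real scheme

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path: Path, vault: Path) -> Path:
    """Move a flagged file into the vault: encoded, renamed, not executable."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    vault.mkdir(parents=True, exist_ok=True)
    item = vault / f"{digest}.qtn"          # renamed: original name and extension are gone
    item.write_bytes(_xor(data))            # encoded: the stored bytes cannot run as-is
    os.chmod(item, 0o600)                   # owner read/write only, no execute bit
    meta = {"original_path": str(path), "sha256": digest}
    item.with_suffix(".json").write_text(json.dumps(meta))
    path.unlink()                           # the original location no longer holds the file
    return item

def restore(item: Path) -> Path:
    """Put a false positive back where it came from, verifying its hash first."""
    meta_path = item.with_suffix(".json")
    meta = json.loads(meta_path.read_text())
    data = _xor(item.read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined item is corrupt; refusing to restore")
    target = Path(meta["original_path"])
    target.write_bytes(data)
    item.unlink()
    meta_path.unlink()
    return target

def demo() -> dict:
    """Run quarantine and restore on a harmless constructed sample file."""
    sample = b"CONSTRUCTED-SAMPLE-MARKER harmless test content"
    with tempfile.TemporaryDirectory() as tmp:
        flagged = Path(tmp) / "tool.exe"
        flagged.write_bytes(sample)
        item = quarantine(flagged, Path(tmp) / "vault")
        result = {"original_removed": not flagged.exists(),
                  "marker_visible_in_vault": sample[:25] in item.read_bytes()}
        restored = restore(item)
        result["restored_intact"] = restored.read_bytes() == sample
        result["vault_emptied"] = not item.exists()
        return result

if __name__ == "__main__":
    print(demo())
```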