What exactly does quarantine mean when dealing with computer scanning software?
Asked by
AshlynM (
10684)
December 1st, 2011
I assume the virus/file is there on my computer but just locked away in a virus vault where it can’t do any harm to my computer? If so, then is there a reason why it’s put in quarantine and not deleted completely by the virus scanning software?
Can I just leave the virus in quarantine and not worry about it? Will it reanimate or do further damage?
Observing members:
0
Composing members:
0
7 Answers
That is pretty much it. Now, as to why you would quarantine something instead of delete it outright, I would imagine that it’s the same reason that the recycle bin exists; to create another useless step to make sure that you are positive that you know you really want to get rid of a file.
A virus in quarantine is pretty much stuck where it is; it won’t cause any further problems as it is forbidden from interacting with anything so long as it remains in quarantine.
Sometimes there are false positives. I have had AVG call something bad that was put into quarantine. Turns out it was needed for the label maker software at work. Luckily I had put it in the quarantine so once I realized what happened I could move it back.
Normally after a few days use I will delete the quarantine once everything seems to work.
At least the virus/worm/malware or ‘suspected’ one is stopped from doing further harm to your computer. You can delete the contents of quarantine anytime. Quarantine is also good when doing investigation and trace-back to find the type of malware present in your computer.
It is also so that if it is a file you need, you will know what you need to rebuild or have resent to you.
It is there for a few reasons but mostly because a file that meets the heuristics (fingerprints) of known virus.
It is in quarantine for various reasons:
1) to remove the file from access by the OS and place it in an area that it can be acted on with a variety of options. delete, submit, return to use, etc
2) a place that you can safely transmit/submit the example to the AV software vendor for examination to determine if it is a new strain.
3) AV Software vendors know about countless numbers of virus and strains, and can trap suspects based on the known ones through heuristics. They don’t always get it right and have false positives. These quarantined false positives can be safely returned to use after a new definition files is published or and exception is created.
AVG put a potential threat into quarantine when it wasn’t actually a virus. But in doing this, it screwed up the functioning of my laptop. I couldn’t open any exe files. Thank god system restore fixed everything. So now…how do I know if the virus scanning software really detected a virus and wants to put it in quarantine? It may not be anything dangerous. How do I determine if it’s really a threat to my computer so I don’t face the problem I had again?
You submit the file in quarantine to the Software vendor in the quarantine area.
There is a method for submittal that varies from manufacturer to manufacturer.
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.