Spyware, Viruses, & Security forum

General discussion


by Mikel72 / April 18, 2007 10:36 AM PDT

I know about the definition of QUARANTINE, but I would like to know WHY ! I mean... why quarantine that bad files instead of simply delete them. I am trying to find out about its practical use, I think must be some good reason for quarantine.

Somebody knows?

Post a reply
Discussion is locked
You are posting a reply to: why QUARANTINE?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: why QUARANTINE?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
One of the reasons is for
by roddy32 / April 18, 2007 11:44 AM PDT
In reply to: why QUARANTINE?

false positives. If you delete something that you need, you might have problems. There is NO program that does not have an occasional false positive.

Collapse -
2 reasons I can think of
by Donna Buenaventura / April 18, 2007 11:46 AM PDT
In reply to: why QUARANTINE?

1. To be safe - user can restore them back in case it is only a false positive
2. To submit for further analysis - even it is detected already, submitting risks found help the vendor determine whether the bad one is still in the wild or there is more nasty variant.

Collapse -
3th reason
by satishkhode / April 20, 2007 3:08 PM PDT

Some anti virus program block the file access from this area. In case you can not clear the virus which creates a new file for action, when you deleted it, it will be regenerated.
But push it into this area make no access, therefore the backdoor program can not access it anymore.

I have experence that if I delete the virus file but I can not clear the virus, it will regrnerated another file for doing somthing, and the virus program always popup and say virus file is found.

Collapse -
In addition
by tomron / April 18, 2007 11:56 AM PDT
In reply to: why QUARANTINE?
Collapse -
System Restore plays the Devil in some cases.
by Battle Axe / April 20, 2007 4:15 PM PDT
In reply to: In addition

I had this specific problem wherin if I 'deleted' the virus/worm/Trojan Horse, at the next complete system scan, it would again show up through some directory like C:\System Volume Information\System Restore\A1274897.exe. I figured this later that the Windows System Restore Utility was always backing up the virus, when I deleted it thru my Antivirus. That's not the case with quarantine. So, better to 'Quarantine' than 'Delete'. IF U do want to delete the virus, disable System Restore(not recommended).

Abhishek alias 'Dexter', Mumbai, India.

Collapse -
That is by design
by Donna Buenaventura / April 20, 2007 6:54 PM PDT
Collapse -
How I realize what files to quarantine?
by Mikel72 / April 21, 2007 1:03 AM PDT
In reply to: That is by design

OK, thanx to you for your responses... you are very helpful!

Sorry,but I don't understand clearly the "3th reason" listed above, are you saying when you delete a "infected file" for some reason it will be recreated with the same "infected issues" ? then I think is a vicious circle.

OK, I have a NEW question about QUARANTINE...

Definitely QUARANTINE is a good option BUT I think is not the BETTER one (just is better than delete). The ideal procedure would be TO QUARANTINE only the files you are NOT SURE they are dangerous or maybe you suspect your system or some programs could use them for properly reasons.

SO... HOW I can realize WHAT files to quarantine or delete? I think if you quarantine everything you gonna have a big place with quarantined files with NO clear reasons for that.

I'm just trying to find out the best way to do this procedure...

Thank you

Collapse -
3th reason means thirdth reason
by satishkhode / April 21, 2007 1:35 AM PDT

Donna Buenaventura gave two reasons, I added one.

Some backdoor programs actually can not detected by anti viurs software because they do not carry any suspect informatiom, but when they activate, they will generate a virus file that is detected immediately, and the anti viurs will tell virus file is found. If you delete it right at once, next time the backdoor program activate, if they find the previous generated virus file is missing, they will re-generate one, and sure anti viurs program will tell you virus file is found and prompt you to delete it, threrfore a cycle-war start.

To solve this problem , the better way is to reinstall window system again.

If you want to finish your work before reinstall window system, the temp way is to move the virus file into QUARANTINE area. This will disable the virus file access from outside and hence temporary stop the back door program.

The QUARANTINE area not only isolate the virus file, but also can protect some important files (such as window kernel system or mos likely virus interested) from being modified by virus.

Collapse -
That is a good reason...
by Mikel72 / April 21, 2007 1:59 AM PDT

I understood clearly this time, thanx.

But you have a good point, I think... Isolate important files from virus atack. How I can do this? Is that really possible or is just a teoric way? Could I isolate my "important files" from foreign activities in order to avoid unwanted modification? how?

Collapse -
Protecting system from modification.
by komailmookhy / April 21, 2007 4:10 AM PDT

Now this is getting serious about protection!

Stopping unsafe applications modifying your system is, I believe, the most likely future in PC protection and to some degree Windows XP gave a nod in this direction with it's limited accounts. It seems that Vista has taken a step further but, so it's alleged, concentrated on usability over security.

There are a few cutting edge programs available which protect your system this way but they do need more user input than many people are happy about. However, have a look at DefenceWall on this forum: http://gladiator-antivirus.com/forum/index.php?showforum=193
(Remember cut and paste links if you don't completely trust the source!).

If after spending a little time on scanning the forum you believe this is for you, try it out, the support is first rate.

If not, invest in good ant-spyware and anti-virus, be careful on line and backup, backup, BACKUP!

Collapse -
Isolate important files from virus atack
by satishkhode / April 21, 2007 3:40 PM PDT
Collapse -
About Avast.
by Mikel72 / April 21, 2007 10:30 PM PDT

Actually I am using avast! free version (60 free days?), I've realized than avast doesn't use the term "quarantine", instead of it use terms like "move/xxx move/yyy" I don't remember. I have a file in the avast chest (I suposse this chest is its quarantine place)...
I am in evaluation, I need a good product for some people who works with me so if you know about important information about avast just let me know.
It works great with Vista and let Limeware do its work too. Tell me more about how it works.


Collapse -
Avast does the great job
by satishkhode / April 22, 2007 12:36 AM PDT
In reply to: About Avast.

The Home version allows Home user free to use but you need to registration on their web and renew annually, please go to link below and get your key

In Avast, the quarantine not just quarantine, so they named it as CHEST. When you install the avast first time, it will prompt you to restart the computer because it added a scan schedule after computer restart for initial scan to make sure your computer is clean after it is installed.

During installation, there are three files put into CHEST System Files area (kernel32.dll, winsock.dll and wsock32.dll). Another area called USER Files allow user to add extra files into this area for protection, I usually put some programs into this area which backdoor programs are interested. The last area is INFECTED FILES area, virus files are move into this area while detected by user's choice (DELETE, MOVE TO CHEST).

For paid version, you can change the action while virus detected such as repair, delete, move to chest. You can also tell avast if your decided operation is failed, what action will follow as well (simple concept just like IF ... ELSE ...).

I am sure that very anti-virus program has its own characteristic but people just install as default and no one want to enhance the functions by simply go through the instructions provided by deveoper.

Avast does the great job, it can set the protection level for web browsing, p2p, IM, network email etc individually. For IT staff, if you suspect SERVER or workstation infected and can not locate the virus from where, you can also let avast to show you what files/programs/dlls are opened/activated that may cause virus action, good troubleshooting tools.

If you want more information, let me know.

Sorry for my bad English!!

Collapse -
Avast maybe did a good job
by mattallica422 / April 22, 2007 1:51 PM PDT

I say this because I could not get them to acknowledge my liscense renewal. It kept telling me to do so but would not accept the liscense number I entered. I repeatedly tried to contact Avast about my problem and was completely ignored. So much for that. I am no longer using Avast although it had been reccommended because I could not renew. Uninstalled it. Useless now. Trying to reinstall seemed not to work either. I am through.

Collapse -
Avast maybe did a good job
by satishkhode / April 22, 2007 5:08 PM PDT

I am sorry on hearing it.

As one of the Avast reseller, I would like to help you. For temporary measure, I can send you the key via the email in your Cnet profile with your permission.

Presently, I only deal with Asia users but my support is region free. So if you have any problems encountered, please let me know.

Collapse -
I am interested in avast!
by Mikel72 / April 23, 2007 6:43 AM PDT

Well, I was looking for a good security suite... I think avast! have some good points, I would like to know more about, I work with people who always ask my for a good choice, I think is time to get an answer.

You posted information in chinese before? c'mon!

Collapse -
System restore
by aljatrad / April 23, 2007 8:14 AM PDT

Yes, but turn it back on again and it will clear stored potential threats.

Collapse -
I am interested in avast! - Reply
by satishkhode / April 23, 2007 1:34 PM PDT
In reply to: why QUARANTINE?

Usually I reply in chinese if question is in chinese, and English in English. Cnet forum seems no Chinese around.

If you want more information about Avast, you can go to their web site..

Since their native language also not English, therefore the response may be a little longer.

However, I can reponse any question about Avast faster than Avast staff because I want to get customer satisfaction. You may rise any question to me, in case I can not answer you, I will redirect yours to Avast support.

Presently I have a chinese wet site for Avast... http://www.multilink.sytes.net/_index.php?nlink=special

I can create a web site in English for those who can not read chinese, but I need to know how many people will happy to see it born.

Collapse -
why quarantine
by komailmookhy / July 4, 2007 11:17 AM PDT
In reply to: why QUARANTINE?


let me explain you why we qurantie files.
In this world internet we use lots of softwares and applications.Some time we like some animated cursors or any thing like a software which we install thinking that this is the one i am looking for.

But sometimes unfortunately we install some infected or malacious softwares or code which in return create a problems in our system like
System slows down or restarts automatically or we loose our data.

so to remove this Drawback we use Anti-virus to protect our system basically norton anti virus has this feature of qurantie files.

now what does qurantie do?
we run a virus scan norton detects a virus trojan horse which is very dangerous so in order to save our data we qurantine that file which is effected so that it should not affect our system because we cannot take risk at the cost of our data.
that is why we delete or qurantie.

now here i will clear your confusion why not delete instead of quratine.


similar to recycle bin we delete data if we dont want it goes to recycle bin later on if we realise that oh that files is important to me i want it back you go to recycle bin and restore it back.

so similarly if you are running an application in that application for eg hall.dll file is infected with virus and you have qurantie because you have qurantie that application wont start so you realise that the file is infected and quratie so you go to qurantie and restore it back with the virus just because you want that application to run.

you may think that you want to complete your project by tommorow morning and till then you can unistall that software and reinstall because you dont have the cd for software or may that cd itself contains virus.

so at last you decided to use this software until morning and restore that file from QURANTINE

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.