Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 6 subscribers
  • Views 9655 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantined file disappeared from the manager

doxsys
I'm running a scan on my entire hard drive using the Mac OS free edition. I had a warning pop up that a file was infected and quarantined. I opened the quarantine manager per instructions, which had one file in it. I highlighted the file, and when I clicked on the 'more details' button, the file disappeared. The scan is set to just log bad files (rather than move them or clean them up), so this is a bit disconcerting. The only thing I noticed about it was that it was called Info.plist. Any thoughts on whether this is something to worry about?
:1006353


This thread was automatically locked due to age.
Parents
  • 0

    Welcome to the club. :smileyindifferent:

     Every time my Quarantine Manager shows threats, they vanish after after a second or two, before I can even read them.

    I must then resort to reading the log to find the threat and its location - not very convenient! :smileyfrustrated:

    I'm starting to see why this is free software - it's one bug after another.

    I brought up this problem before, and although "Employee Agile Employee" replied to my post, they failed to comment on the issue:

    When I opened the Quarantine Manager, there were several items visible, but they all vanished after about 2 seconds, before I could even check them.

    My preferences are also set to only log threats, not to clean, move or delete them.
    .
    The instructions for dealing with threats don't even apply since threats disappear before they can be dealt with.

    .

    What to do

    1. Open the Quarantine Manager.
    2. Click the Action Available column heading to sort the list of threats according to the action available.
    3. Select all the threats for which the action available is Clean up.
    4. Click Clean Up Threat. 

    etc.

    etc.

    How am I supposed to "select all the threats", when the threats have vanished from the window?
    I don't even understand what Christan said above: "When a threat is detected QM is informed what has been found and where (together with information how cleanup thinks it could deal with it). At open time QM checks if the "where" is still valid and in case the offending file has disappeared the entry is removed from the list - silently that is though, there's no corresponding entry in the log. IMO this action should be logged.  It's quite simple to test this with EICAR. In practice this is likely to occur with caches and temporary files."

    When the threats vanish from QM, the offending file isn't moved at all - I had to remove them manually after looking at the log, so there is a corresponding entry in the log. 

    The "where" was still valid because the files were still there.

    :1006579
Reply
  • 0

    Welcome to the club. :smileyindifferent:

     Every time my Quarantine Manager shows threats, they vanish after after a second or two, before I can even read them.

    I must then resort to reading the log to find the threat and its location - not very convenient! :smileyfrustrated:

    I'm starting to see why this is free software - it's one bug after another.

    I brought up this problem before, and although "Employee Agile Employee" replied to my post, they failed to comment on the issue:

    When I opened the Quarantine Manager, there were several items visible, but they all vanished after about 2 seconds, before I could even check them.

    My preferences are also set to only log threats, not to clean, move or delete them.
    .
    The instructions for dealing with threats don't even apply since threats disappear before they can be dealt with.

    .

    What to do

    1. Open the Quarantine Manager.
    2. Click the Action Available column heading to sort the list of threats according to the action available.
    3. Select all the threats for which the action available is Clean up.
    4. Click Clean Up Threat. 

    etc.

    etc.

    How am I supposed to "select all the threats", when the threats have vanished from the window?
    I don't even understand what Christan said above: "When a threat is detected QM is informed what has been found and where (together with information how cleanup thinks it could deal with it). At open time QM checks if the "where" is still valid and in case the offending file has disappeared the entry is removed from the list - silently that is though, there's no corresponding entry in the log. IMO this action should be logged.  It's quite simple to test this with EICAR. In practice this is likely to occur with caches and temporary files."

    When the threats vanish from QM, the offending file isn't moved at all - I had to remove them manually after looking at the log, so there is a corresponding entry in the log. 

    The "where" was still valid because the files were still there.

    :1006579
Children
No Data