
Quarantine? Why?

So, I've been noticing a trend in anti-virus/anti-malware software to simply quarantine items. Does anyone know why this is? Whatever happened to just totally cleaning up a system?

I don't want things quarantined, I want them completely off my system but I don't even get that option any more...

Thoughts?

Thanks.



This thread was automatically locked due to age.
  • Hello Wison,

    Quoting Article 112129,

    The default configuration of an Anti-Virus & HIPS policy is to automatically clean up all malware detections, and following successful cleanup you will not see an alert against the endpoint in the console - this is by design.  Therefore you are only alerted when an action on your part is required.

    By default, an AV will try to clean up the malware (which could mean stripping malicious content off the file, or deleting it, whatever may be the case), but there are scenarios where the file is beyond repair and the only solution left is to quarantine it.

    When a file is quarantined, it is rendered useless and it can't harm the computer. 

    Answering your question, this quarantined file is particularly useful for vendors to analyse and create signatures for the threat. If the system is cleaned, important information may be lost from an AV perspective. 

    Also, in cases of a false positive, a legit application of yours that got quarantined could be easily recovered. That would not have been possible if it was cleaned by the AV. :)

    Hope that answers your question.

    Vikas

  • Is there a way to manage what gets quarantined or to turn quarantine off? My assumption is that you cannot turn Quarantine off, thoughts?
  • Hi,

    Sorry I haven't been very active here, but I intend to be.

    Strictly talking about our Sophos AV, technically we can't turn off the Quarantine.

    All we can do is specify what to do when we detect a threat:

    Quarantine manager enables you to deal with the items found by scanning that were not eliminated automatically during scanning. 

    Note: Adware, PUAs, and multi-component infections detected during on-access scanning are always listed in Quarantine manager. Automatic cleanup of adware, PUAs, and multi-component infections is not available for on-access scanning. So in this case, you're kinda stuck with Quarantine Manager. 

    I'll be glad to answer any more questions you have for me.
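
The replies above describe quarantine as making a file harmless while keeping it recoverable (for false positives) and available for analysis. The following sketch is an added example, not part of the original thread and not Sophos's quarantine format: the XOR encoding, the `.quar`/`.json` file names and the function names are all assumptions chosen for illustration.

```python
import hashlib, json, os, tempfile, time
from pathlib import Path

XOR_KEY = 0xA5  # assumption: trivial reversible encoding, not any vendor's scheme

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path: Path, vault: Path) -> Path:
    """Store `path` in `vault` in a non-runnable form; return the metadata file."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    vault.mkdir(parents=True, exist_ok=True)
    blob = vault / f"{digest}.quar"
    blob.write_bytes(_xor(data))          # encoded: no longer a loadable executable
    os.chmod(blob, 0o600)                 # no execute bit, owner-only access
    meta = vault / f"{digest}.json"
    meta.write_text(json.dumps({
        "original_path": str(path.resolve()),
        "sha256": digest,                 # lets an analyst identify the sample
        "mode": path.stat().st_mode & 0o777,
        "quarantined_at": int(time.time()),
    }))
    path.unlink()                         # original location is now clean
    return meta

def restore(meta: Path) -> Path:
    """Undo a quarantine (false positive); refuse if the stored blob was altered."""
    info = json.loads(meta.read_text())
    blob = meta.with_suffix(".quar")
    data = _xor(blob.read_bytes())
    if hashlib.sha256(data).hexdigest() != info["sha256"]:
        raise ValueError("quarantined blob does not match recorded hash")
    target = Path(info["original_path"])
    target.write_bytes(data)
    os.chmod(target, info["mode"])
    blob.unlink()
    meta.unlink()
    return target

def demo() -> bool:
    """Round trip on a constructed, harmless sample file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "tool.exe"
        payload = b"MZ constructed sample bytes, harmless"
        sample.write_bytes(payload)
        meta = quarantine(sample, Path(tmp) / "vault")
        gone = not sample.exists()
        encoded = payload not in meta.with_suffix(".quar").read_bytes()
        return gone and encoded and restore(meta).read_bytes() == payload
```

Deleting the file instead would correspond to stopping after `path.unlink()` without writing the blob, which is exactly the case where neither recovery nor later analysis is possible.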
