Author Topic: Quarantine instead of delete... why?  (Read 3285 times)

Offline Proteus

  • Jr. Member
  • **
  • Posts: 27
  • Gender: Male
  • Frustrated, confused and disappointed!
    • Personal Message (Offline)
Quarantine instead of delete... why?
« on: July 04, 2009, 10:57:51 PM »
In several posts in this forum I have read statements like this one from DavidR:

Quote
"So allow avast to send it to the chest, deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate."

It seems that the advice is to quarantine malware that Avast discovers rather than delete it. Is this always the recommendation? I should have thought it wiser to purge one's system of an infected file and replace it with a healthy one rather than to keep it around.

How long is it kept in quarantine? How is it eventually disposed of, or isn't it?

Offline Mr.Agent

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2773
  • Proud to be an avast! user.
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #1 on: July 04, 2009, 11:00:32 PM »
Move to the Chest is more safe than delete. That what a guy said.
Smart phone LG G2 - (Specs) Processor Quad Core 2,26 GHZ - 2048 MB RAM - True IPS LCD Full HD 1080p Screen - 13 MP Camera 1080p HD of 60 fps - (Security) avast! Free Mobile Security with Anti-Theft

A beast is a beast, she will stay strong until she lives... -Mr.Agent

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #2 on: July 04, 2009, 11:07:19 PM »
This allows for the file to be uploaded to alwil, for analysis, and can also help you in the long run.
Say a file of a program you use frequently is identified as malware, but you are unsure you can allow it to be sent to the chest and then checked out further, rather then delete it and not know whether it was genuine or not

You can leave things in the chest for as long as you want but the usual time frame is 2-3 weeks, re-scan it and take actions depending on the result.

also the virus chest is a secure place where the files are unable to be accessed.

Hope this helps,

-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline Mr.Agent

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2773
  • Proud to be an avast! user.
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #3 on: July 04, 2009, 11:08:59 PM »
+1 for Scott
Smart phone LG G2 - (Specs) Processor Quad Core 2,26 GHZ - 2048 MB RAM - True IPS LCD Full HD 1080p Screen - 13 MP Camera 1080p HD of 60 fps - (Security) avast! Free Mobile Security with Anti-Theft

A beast is a beast, she will stay strong until she lives... -Mr.Agent

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69236
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: Quarantine instead of delete... why?
« Reply #4 on: July 04, 2009, 11:37:08 PM »
Straight from the horses mouth, so to speak. Security programs like anything in life are fallible and can have false positive detections.

So the idea is to air on the side of caution 'first do no harm' and leave yourself some other options, but at the same time ensure it can't be run, sending it to the chest where it can do no harm and investigate.

You may also have seen this in conjunction to what you quoted - There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline +AdDicT+

  • Anime Otaku!
  • Advanced Poster
  • **
  • Posts: 710
  • Gender: Male
  • Defense is the best offense!
    • Watch anime^^
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #5 on: July 05, 2009, 06:11:01 AM »
Straight from the horses mouth, so to speak. Security programs like anything in life are fallible and can have false positive detections.

So the idea is to air on the side of caution 'first do no harm' and leave yourself some other options, but at the same time ensure it can't be run, sending it to the chest where it can do no harm and investigate.

You may also have seen this in conjunction to what you quoted - There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
+1^^

-AnimeLover^^
Currently watching: Detective Conan, Maoyuu Mao Yuusha, and many others!
Avast 9.x Free, Windows Firewall, Firefox 24.x, Win 7 Ultimate
Last updated: Oct 24, 2013

Offline Proteus

  • Jr. Member
  • **
  • Posts: 27
  • Gender: Male
  • Frustrated, confused and disappointed!
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #6 on: July 05, 2009, 11:42:40 AM »
[quote-"DavidR"]If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.[/quote]

Having nothing in the chest to scan at present and having never done this, can I get the short course on how to scan the chest? I know I can inpect the contents but saw nothing that would allow it to be scanned. Is it scanned separately or as part of a system scan?

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #7 on: July 05, 2009, 11:53:09 AM »
Hi Proteus,

To scan something from the chest there are two options:

1. right click the particular file that you wish to scan -->scan file(s) (easiest option)

2. select the file --> click scan file (on the top toolbar)

Hope this help,

-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline Proteus

  • Jr. Member
  • **
  • Posts: 27
  • Gender: Male
  • Frustrated, confused and disappointed!
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #8 on: July 05, 2009, 01:39:53 PM »
Deleted
« Last Edit: July 05, 2009, 01:44:23 PM by Proteus »

Offline Proteus

  • Jr. Member
  • **
  • Posts: 27
  • Gender: Male
  • Frustrated, confused and disappointed!
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #9 on: July 05, 2009, 01:46:11 PM »
I assume deletion is the next step, then, in any case? If it's still infected, that's logical... but I will also have replaced it in the intervening 3 weeks and will no longer need the file in quarantine.

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Quarantine instead of delete... why?
« Reply #10 on: July 05, 2009, 02:08:09 PM »
If it is still identified as malware then yes, I would delete it.

-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now