Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Proteus on September 17, 2009, 07:40:12 PM

Title: Why the "Chest" rather than "Delete"??
Post by: Proteus on September 17, 2009, 07:40:12 PM: I have read, somewhere or other, that when Avast locates infections and removes them to the Chest, it is better to leave them there for a time than to delete them immediately. To me, this defies logic.

Can someone explain, please?
Title: Re: Why the "Chest" rather than "Delete"??
Post by: mikaelrask on September 17, 2009, 07:47:27 PM: hey! its better to send it to the virus chest becouse it can be a false threat. and sending a file to the chest its the best thing you can do. from the chest you can analyse the threat more then if you just remove it. hope this answered your question.
Title: Re: Why the "Chest" rather than "Delete"??
Post by: Pondus on September 17, 2009, 08:01:43 PM: Clean, Quarantine, or Delete?

http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
Title: Re: Why the "Chest" rather than "Delete"??
Post by: DavidR on September 17, 2009, 09:25:05 PM: Quote from: Proteus on September 17, 2009, 07:40:12 PM
I have read, somewhere or other, that when Avast locates infections and removes them to the Chest, it is better to leave them there for a time than to delete them immediately. To me, this defies logic.

Can someone explain, please?

The adage 'first do no harm' e.g. don't delete as now you have zero options left.

So sending to the chest and then deleting would be the same as deleting it in the first place. As has been mentioned already false positives are a fact of life in security applications (though many simply won't admit to this). Depending on what the malware name of the detection was, it could be Heuristic or generic detections and those are more prone to false positive.

For example the avast Win32:Trojan-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So you should leave detections in the chest for a few weeks before a) scanning it again in the chest and b) deleting it if it is still detected. During this time (2-3 weeks) you should be watching out for any adverse effect from having sent the file to the chest, error messages, missing file, etc...
Title: Re: Why the "Chest" rather than "Delete"??
Post by: Proteus on September 18, 2009, 04:33:38 AM: Thank you all for the replies... the "Chest" makes sense to me now.
Title: Re: Why the "Chest" rather than "Delete"??
Post by: DavidR on September 18, 2009, 02:51:06 PM: You're welcome.
Title: Re: Why the "Chest" rather than "Delete"??
Post by: Cahya Legawa on September 18, 2009, 06:55:30 PM: Quote from: Proteus on September 18, 2009, 04:33:38 AM
Thank you all for the replies... the "Chest" makes sense to me now.

Wow, now I understand more about chest function. I only think chest for created secure area for important file, and sending infected or suspicious files before.

Thanks.