Author Topic: How to Quarantine?  (Read 3672 times)

0 Members and 1 Guest are viewing this topic.

mades

  • Guest
How to Quarantine?
« on: April 21, 2013, 05:04:01 PM »
Hi! I am using the latest Avast! antivirus (free edition). It says it has detected 11 viruses (however, I know they are not viruses - they are from Comodo Firewall and from Malwarebytes). Although, if EVER I get an actual virus, how could I quarantine it?

I am asking, because I was playing around to see how I could quarantine a virus (since I thought it would be important should that ever be the case). Yet, it never gives me that opportunity to do so. The screen shows up telling me to select a virus and so on and choose the action, but I cannot click on anything, aside from "close" or choosing one of the options from the "Apply this Options for all" drop down menu. I am attaching a picture of the screen.

I use Windows 7.

iroc9555

  • Guest
Re: How to Quarantine?
« Reply #1 on: April 21, 2013, 05:24:45 PM »
Mades welcome to Avast! Forums.

Those are memory detection of encripted virus files for Comodo and MBAM. Are you running a custom scan and selected Memory ? Memory scans gives wierd results and it is better to avoid doing it.

Those memory detection can not be quarentine. When you get a real detection, Avast! analysis result will give you the opportunity to choose what to do with the file.

If you open Avast! Virus Chest and right click on it, you have the choice to add a file to the virus chest that way you can send the file to Avast! lab or see its properties. Still this is only a copy, the original file remains in its place
« Last Edit: April 21, 2013, 05:26:18 PM by iroc9555 »

mades

  • Guest
Re: How to Quarantine?
« Reply #2 on: April 21, 2013, 08:09:24 PM »
Mades welcome to Avast! Forums.

Those are memory detection of encripted virus files for Comodo and MBAM. Are you running a custom scan and selected Memory ? Memory scans gives wierd results and it is better to avoid doing it.

Indeed! Ok, I have removed this from my custom scan I call "full heavy scan". I have rescanned it, and now I still get files (which are archives which are password protected - files which I am not concerned about - hence why I did not include in my original post). And the same problem occur, I can only click on the same options as mentioned in my original post. If, in the future, I had a virus, would I BE able to get rid of it?

Hold on a second. What do mean by this:
"Those are memory detection of encripted virus files for Comodo and MBAM"

Should I be worried about something?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: How to Quarantine?
« Reply #3 on: April 21, 2013, 08:16:18 PM »
These detections are in memory or are listings of files that can't be scanned.

Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

So if you can give some examples of the items in the list that couldn't be scanned (password protected archives).

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mades

  • Guest
Re: How to Quarantine?
« Reply #4 on: April 21, 2013, 09:09:22 PM »
Gotcha!

Sure, I will attach a picture. I hovered over one of them so you could see the path and where it came from.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: How to Quarantine?
« Reply #5 on: April 21, 2013, 09:45:33 PM »
Looks like a program protecting its installation file/s, though can't be certain but it could be adobe reader 9 and adobe have recently taken the precaution of password protecting its files.

The other ones not related to install_reader9 I can't see the file name \...\ because of this concatenation, but they appear to be a similar reason of programs protecting their intellectual property.

So I believe the reason for not being able to scan them (archive password protected) appears to be reasonable/legit/valid.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mades

  • Guest
Re: How to Quarantine?
« Reply #6 on: April 21, 2013, 09:51:07 PM »
Cool :)

Yes, they are all from the same folder. Different languages is all. Yes, a lot of the archives I've had are password protected. Including apps, games and so forth. It seems to me, as you are saying, they protecting their archives.

Thanks for the info, both of you.


Iroc, I forgot to  mention, thank you for welcoming me earlier.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: How to Quarantine?
« Reply #7 on: April 21, 2013, 11:13:18 PM »
You're welcome.

Yes it does appear they are legitimately protecting their archives.
In any case, as and when those archives were to be unpacked by the program that set the password, the content is no longer protected by password and would be subject to the usual on-access (resident) scan by the File System Shield.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security