Solved

ESET Question about Quarantine

Posted on 2011-02-10
8
1,118 Views
Last Modified: 2013-11-22
Dear experts

How Eset Quarantine works? If I add manually an infected file or .dll that was reported by an antimalware as TREATH, the malware stores to Quarantine and my system is clean? Or Quarantine a file or .dll manually stores the malware in order to submit to for analysis, and my system is still infected?

Any suggestion, help, advice, ideas are more than welcome

Thank you very much
regards
Antonio Macias
   
REAL-TIME : Outpost Firewall Pro LIFETIME LICENSE, NOD 32, Shadow Defender, Sandboxie Paid Version
ON-DEMAND: MBAM Pro, SAS Pro Real Time Protection, Prevex
BACKUP : Acronis True Image 2011 Registered
0
Comment
Question by:rebelscum0000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34868633
well i dont know about ESET but whenever an AV Quarantines the file, it would mean it has encrypted it and saved it to a safevault (the AV's quarantine). so the system should be clean as original fine is quarantined.
0
 
LVL 2

Assisted Solution

by:Saikapian_4739
Saikapian_4739 earned 200 total points
ID: 34868659
Quarantine action by Eset or any other security software will put the file in a Vault and the file becomes inaccessible, however the file still remains on your system. But it will be removed from its original location and go in the location where Eset is maintaining its Vault.

Even though file remains on your system but when ever any application try to refer to that file it will not be able to find it, since file has been moved. Even if some pretty clever application finds the file in the vault also it will not be able to use it because file has been blocked by Eset.


And once you update the Eset it will submit all the quarantined objects for analysis.
0
 
LVL 2

Expert Comment

by:Saikapian_4739
ID: 34868661
I would like to add a point here that Clean and Quarantine are two entirely different actions taken by any anti-virus and file is never clean as original as said by mail2divyesh. In clean action the antivirus actually cleans the infected file and it is usable after that but in Quarantine file's access has been blocked and it can never be used untill you manually release the file from vault.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:rebelscum0000
ID: 34870014
@mail2divyesh
Why do you post a solution if you dont know about ESET, only to earn points? That is why I stop using EE for users like you that are not are experts, this question will be reported.

@Saikapian_4739

In other words I still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34870801
@rebelscum0000 what i said holds true for any AV that you use. If an AV says it has quarantined a file then it means the file has been kept in the AV's safe vault which cannot be accessed by normal programs - usually only the AV which quarantined it can access it.

To answer your question - It was just an intention to assist. Sorry if it hurts you but this is the fact - To answer the above question one doesnt need to be an ESET expert, any one with knowledge in AV technologies  can answer the above question and i actually work on AV Technologies :) so i disagree with your comment!
0
 

Author Comment

by:rebelscum0000
ID: 34870856
@mail2divyesh:

yeah whatever, I paid for this service period

Can someone please let me know

In other words I am still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Accepted Solution

by:
mail2divyesh earned 300 total points
ID: 34870942
If a file is quarantined, the file goes to "safe vault". In other words you're "Clean" as the quarantined file cannot be accessed anymore which also means you're system is now clean from that infection.

0
 

Author Closing Comment

by:rebelscum0000
ID: 34871097
Thank you
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question