?
Solved

ESET Question about Quarantine

Posted on 2011-02-10
8
Medium Priority
?
1,126 Views
Last Modified: 2013-11-22
Dear experts

How Eset Quarantine works? If I add manually an infected file or .dll that was reported by an antimalware as TREATH, the malware stores to Quarantine and my system is clean? Or Quarantine a file or .dll manually stores the malware in order to submit to for analysis, and my system is still infected?

Any suggestion, help, advice, ideas are more than welcome

Thank you very much
regards
Antonio Macias
   
REAL-TIME : Outpost Firewall Pro LIFETIME LICENSE, NOD 32, Shadow Defender, Sandboxie Paid Version
ON-DEMAND: MBAM Pro, SAS Pro Real Time Protection, Prevex
BACKUP : Acronis True Image 2011 Registered
0
Comment
Question by:rebelscum0000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34868633
well i dont know about ESET but whenever an AV Quarantines the file, it would mean it has encrypted it and saved it to a safevault (the AV's quarantine). so the system should be clean as original fine is quarantined.
0
 
LVL 2

Assisted Solution

by:Saikapian_4739
Saikapian_4739 earned 800 total points
ID: 34868659
Quarantine action by Eset or any other security software will put the file in a Vault and the file becomes inaccessible, however the file still remains on your system. But it will be removed from its original location and go in the location where Eset is maintaining its Vault.

Even though file remains on your system but when ever any application try to refer to that file it will not be able to find it, since file has been moved. Even if some pretty clever application finds the file in the vault also it will not be able to use it because file has been blocked by Eset.


And once you update the Eset it will submit all the quarantined objects for analysis.
0
 
LVL 2

Expert Comment

by:Saikapian_4739
ID: 34868661
I would like to add a point here that Clean and Quarantine are two entirely different actions taken by any anti-virus and file is never clean as original as said by mail2divyesh. In clean action the antivirus actually cleans the infected file and it is usable after that but in Quarantine file's access has been blocked and it can never be used untill you manually release the file from vault.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 

Author Comment

by:rebelscum0000
ID: 34870014
@mail2divyesh
Why do you post a solution if you dont know about ESET, only to earn points? That is why I stop using EE for users like you that are not are experts, this question will be reported.

@Saikapian_4739

In other words I still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34870801
@rebelscum0000 what i said holds true for any AV that you use. If an AV says it has quarantined a file then it means the file has been kept in the AV's safe vault which cannot be accessed by normal programs - usually only the AV which quarantined it can access it.

To answer your question - It was just an intention to assist. Sorry if it hurts you but this is the fact - To answer the above question one doesnt need to be an ESET expert, any one with knowledge in AV technologies  can answer the above question and i actually work on AV Technologies :) so i disagree with your comment!
0
 

Author Comment

by:rebelscum0000
ID: 34870856
@mail2divyesh:

yeah whatever, I paid for this service period

Can someone please let me know

In other words I am still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Accepted Solution

by:
mail2divyesh earned 1200 total points
ID: 34870942
If a file is quarantined, the file goes to "safe vault". In other words you're "Clean" as the quarantined file cannot be accessed anymore which also means you're system is now clean from that infection.

0
 

Author Closing Comment

by:rebelscum0000
ID: 34871097
Thank you
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question