Solved

ESET Question about Quarantine

Posted on 2011-02-10
8
1,119 Views
Last Modified: 2013-11-22
Dear experts

How Eset Quarantine works? If I add manually an infected file or .dll that was reported by an antimalware as TREATH, the malware stores to Quarantine and my system is clean? Or Quarantine a file or .dll manually stores the malware in order to submit to for analysis, and my system is still infected?

Any suggestion, help, advice, ideas are more than welcome

Thank you very much
regards
Antonio Macias
   
REAL-TIME : Outpost Firewall Pro LIFETIME LICENSE, NOD 32, Shadow Defender, Sandboxie Paid Version
ON-DEMAND: MBAM Pro, SAS Pro Real Time Protection, Prevex
BACKUP : Acronis True Image 2011 Registered
0
Comment
Question by:rebelscum0000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34868633
well i dont know about ESET but whenever an AV Quarantines the file, it would mean it has encrypted it and saved it to a safevault (the AV's quarantine). so the system should be clean as original fine is quarantined.
0
 
LVL 2

Assisted Solution

by:Saikapian_4739
Saikapian_4739 earned 200 total points
ID: 34868659
Quarantine action by Eset or any other security software will put the file in a Vault and the file becomes inaccessible, however the file still remains on your system. But it will be removed from its original location and go in the location where Eset is maintaining its Vault.

Even though file remains on your system but when ever any application try to refer to that file it will not be able to find it, since file has been moved. Even if some pretty clever application finds the file in the vault also it will not be able to use it because file has been blocked by Eset.


And once you update the Eset it will submit all the quarantined objects for analysis.
0
 
LVL 2

Expert Comment

by:Saikapian_4739
ID: 34868661
I would like to add a point here that Clean and Quarantine are two entirely different actions taken by any anti-virus and file is never clean as original as said by mail2divyesh. In clean action the antivirus actually cleans the infected file and it is usable after that but in Quarantine file's access has been blocked and it can never be used untill you manually release the file from vault.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rebelscum0000
ID: 34870014
@mail2divyesh
Why do you post a solution if you dont know about ESET, only to earn points? That is why I stop using EE for users like you that are not are experts, this question will be reported.

@Saikapian_4739

In other words I still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34870801
@rebelscum0000 what i said holds true for any AV that you use. If an AV says it has quarantined a file then it means the file has been kept in the AV's safe vault which cannot be accessed by normal programs - usually only the AV which quarantined it can access it.

To answer your question - It was just an intention to assist. Sorry if it hurts you but this is the fact - To answer the above question one doesnt need to be an ESET expert, any one with knowledge in AV technologies  can answer the above question and i actually work on AV Technologies :) so i disagree with your comment!
0
 

Author Comment

by:rebelscum0000
ID: 34870856
@mail2divyesh:

yeah whatever, I paid for this service period

Can someone please let me know

In other words I am still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Accepted Solution

by:
mail2divyesh earned 300 total points
ID: 34870942
If a file is quarantined, the file goes to "safe vault". In other words you're "Clean" as the quarantined file cannot be accessed anymore which also means you're system is now clean from that infection.

0
 

Author Closing Comment

by:rebelscum0000
ID: 34871097
Thank you
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question