Solved

ESET Question about Quarantine

Posted on 2011-02-10
8
1,117 Views
Last Modified: 2013-11-22
Dear experts

How Eset Quarantine works? If I add manually an infected file or .dll that was reported by an antimalware as TREATH, the malware stores to Quarantine and my system is clean? Or Quarantine a file or .dll manually stores the malware in order to submit to for analysis, and my system is still infected?

Any suggestion, help, advice, ideas are more than welcome

Thank you very much
regards
Antonio Macias
   
REAL-TIME : Outpost Firewall Pro LIFETIME LICENSE, NOD 32, Shadow Defender, Sandboxie Paid Version
ON-DEMAND: MBAM Pro, SAS Pro Real Time Protection, Prevex
BACKUP : Acronis True Image 2011 Registered
0
Comment
Question by:rebelscum0000
  • 3
  • 3
  • 2
8 Comments
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34868633
well i dont know about ESET but whenever an AV Quarantines the file, it would mean it has encrypted it and saved it to a safevault (the AV's quarantine). so the system should be clean as original fine is quarantined.
0
 
LVL 2

Assisted Solution

by:Saikapian_4739
Saikapian_4739 earned 200 total points
ID: 34868659
Quarantine action by Eset or any other security software will put the file in a Vault and the file becomes inaccessible, however the file still remains on your system. But it will be removed from its original location and go in the location where Eset is maintaining its Vault.

Even though file remains on your system but when ever any application try to refer to that file it will not be able to find it, since file has been moved. Even if some pretty clever application finds the file in the vault also it will not be able to use it because file has been blocked by Eset.


And once you update the Eset it will submit all the quarantined objects for analysis.
0
 
LVL 2

Expert Comment

by:Saikapian_4739
ID: 34868661
I would like to add a point here that Clean and Quarantine are two entirely different actions taken by any anti-virus and file is never clean as original as said by mail2divyesh. In clean action the antivirus actually cleans the infected file and it is usable after that but in Quarantine file's access has been blocked and it can never be used untill you manually release the file from vault.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 

Author Comment

by:rebelscum0000
ID: 34870014
@mail2divyesh
Why do you post a solution if you dont know about ESET, only to earn points? That is why I stop using EE for users like you that are not are experts, this question will be reported.

@Saikapian_4739

In other words I still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34870801
@rebelscum0000 what i said holds true for any AV that you use. If an AV says it has quarantined a file then it means the file has been kept in the AV's safe vault which cannot be accessed by normal programs - usually only the AV which quarantined it can access it.

To answer your question - It was just an intention to assist. Sorry if it hurts you but this is the fact - To answer the above question one doesnt need to be an ESET expert, any one with knowledge in AV technologies  can answer the above question and i actually work on AV Technologies :) so i disagree with your comment!
0
 

Author Comment

by:rebelscum0000
ID: 34870856
@mail2divyesh:

yeah whatever, I paid for this service period

Can someone please let me know

In other words I am still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Accepted Solution

by:
mail2divyesh earned 300 total points
ID: 34870942
If a file is quarantined, the file goes to "safe vault". In other words you're "Clean" as the quarantined file cannot be accessed anymore which also means you're system is now clean from that infection.

0
 

Author Closing Comment

by:rebelscum0000
ID: 34871097
Thank you
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
An article on effective troubleshooting
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now