Solved

ESET Question about Quarantine

Posted on 2011-02-10
8
1,105 Views
Last Modified: 2013-11-22
Dear experts

How Eset Quarantine works? If I add manually an infected file or .dll that was reported by an antimalware as TREATH, the malware stores to Quarantine and my system is clean? Or Quarantine a file or .dll manually stores the malware in order to submit to for analysis, and my system is still infected?

Any suggestion, help, advice, ideas are more than welcome

Thank you very much
regards
Antonio Macias
   
REAL-TIME : Outpost Firewall Pro LIFETIME LICENSE, NOD 32, Shadow Defender, Sandboxie Paid Version
ON-DEMAND: MBAM Pro, SAS Pro Real Time Protection, Prevex
BACKUP : Acronis True Image 2011 Registered
0
Comment
Question by:rebelscum0000
  • 3
  • 3
  • 2
8 Comments
 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34868633
well i dont know about ESET but whenever an AV Quarantines the file, it would mean it has encrypted it and saved it to a safevault (the AV's quarantine). so the system should be clean as original fine is quarantined.
0
 
LVL 2

Assisted Solution

by:Saikapian_4739
Saikapian_4739 earned 200 total points
ID: 34868659
Quarantine action by Eset or any other security software will put the file in a Vault and the file becomes inaccessible, however the file still remains on your system. But it will be removed from its original location and go in the location where Eset is maintaining its Vault.

Even though file remains on your system but when ever any application try to refer to that file it will not be able to find it, since file has been moved. Even if some pretty clever application finds the file in the vault also it will not be able to use it because file has been blocked by Eset.


And once you update the Eset it will submit all the quarantined objects for analysis.
0
 
LVL 2

Expert Comment

by:Saikapian_4739
ID: 34868661
I would like to add a point here that Clean and Quarantine are two entirely different actions taken by any anti-virus and file is never clean as original as said by mail2divyesh. In clean action the antivirus actually cleans the infected file and it is usable after that but in Quarantine file's access has been blocked and it can never be used untill you manually release the file from vault.
0
 

Author Comment

by:rebelscum0000
ID: 34870014
@mail2divyesh
Why do you post a solution if you dont know about ESET, only to earn points? That is why I stop using EE for users like you that are not are experts, this question will be reported.

@Saikapian_4739

In other words I still infected?

Thank you very much in advance

Regards
Antonio Macias

0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 2

Expert Comment

by:mail2divyesh
ID: 34870801
@rebelscum0000 what i said holds true for any AV that you use. If an AV says it has quarantined a file then it means the file has been kept in the AV's safe vault which cannot be accessed by normal programs - usually only the AV which quarantined it can access it.

To answer your question - It was just an intention to assist. Sorry if it hurts you but this is the fact - To answer the above question one doesnt need to be an ESET expert, any one with knowledge in AV technologies  can answer the above question and i actually work on AV Technologies :) so i disagree with your comment!
0
 

Author Comment

by:rebelscum0000
ID: 34870856
@mail2divyesh:

yeah whatever, I paid for this service period

Can someone please let me know

In other words I am still infected?

Thank you very much in advance

Regards
Antonio Macias

0
 
LVL 2

Accepted Solution

by:
mail2divyesh earned 300 total points
ID: 34870942
If a file is quarantined, the file goes to "safe vault". In other words you're "Clean" as the quarantined file cannot be accessed anymore which also means you're system is now clean from that infection.

0
 

Author Closing Comment

by:rebelscum0000
ID: 34871097
Thank you
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now