AMON and Quarantine

Discussion in 'NOD32 version 2 Forum' started by Blackspear, Sep 26, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have just noticed, there is no setting available in AMON for Quarantine of a file upon detection of an infection.

    I am wondering as to why this is so, and when will it be remedied?

    As well, when it is implimented, shouldn’t it be ticked by default for safety reasons?

    Cheers :D
     
  2. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    That would be a good piece. I also asked for an option if not cleanable, then delete (which I thought would have been implemented in 2.12.2). Quarantine would be nice in case it was a valid file that was cleaned or deleted.

    Clean automatically in AMON does not at this point delete an infection, but only cleans the file if it is cleanable of the code added to the file in question.

    For users that are not familiar using NOD32 and the Clean automatically option has been set, the file will not be deleted, since it can not be cleaned (the malware itself) it is left without further user interaction.

    Clean or delete automatically would seem to be a better choice (with Quarantine).

     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    by ticking the top option it should give you the option to quarantine. I have not been infected so I can not say for certain what the options are it offers but it should offer quarantine. At least all of the other antivirus progrms I have used offered that option.
     

    Attached Files:

  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    After a little more looking I see that quarantine in amon is definantly absent
     

    Attached Files:

  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Yes, and I think this needs to be addressed fairly quickly, just as a safety factor. Also Quarantine should by default be ticked on everything, there would be less chance of a slip up if it was done this way, as well when a new user panics (and this is usually what happens – it is understandable) and deletes a file there is a backup, and if asked they can send the file to Eset...

    Another one that Rumstah has brought up that also should be added is quarantining files by command line, again another safety factor...


    Cheers :D
     
    Last edited: Sep 26, 2004
  6. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    True, but your initial suggestion and suspicion is, nevertheless, correct. If 'Prohibit access and display alert window with action selection' is the option configured in AMON's setup, then when AMON detects a virus its alert window does offer quarantine as an option and it works as advertised. Below is the result of a test I carried out to check:

    26/09/2004 21:16:11 AMON file C:\Documents and Settings\[user name]\Application Data\Mozilla\Profiles\default\xxxxxxxx.slt\Cache\6FD8DA13d01 VBS/TrojanDropper.Zerolin.A trojan quarantined - deleted
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am glad to hear that it does at least offer quarantine in that configuration.
     
    Last edited: Sep 26, 2004
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I seem to remember that now, still would be safer to have everything in all modules set to Quarantine by Default, I can not see a downside to this, and if somebody wants to lower their safety it is their choice to do so...

    Cheers :D
     
  9. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I agree completely with what you are saying and I was somewhat surprised to discover that Quarantine was not on by default for all modules. Hopefully this is nothing more than an oversight that can be quickly remedied.
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I never notice that, but could be a nice feature to add... ;)
     
Thread Status:
Not open for further replies.