Empty Quarantine

Discussion in 'ESET NOD32 Antivirus' started by rnfolsom, Apr 2, 2010.

Thread Status:
Not open for further replies.
  1. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    On the morning of 30 March I ran a demand scan which discovered and cleaned 58 intrusions.

    Today, while posting a message about that experience (if curious, see messages 16-17 in the thread "JS/EXploit.CVE-2010-0806 trojan on Yahoo!" at https://www.wilderssecurity.com/showthread.php?t=268922), I wanted to check something about those intrusions and discovered that my Quarantine is empty.

    But I do not recall emptying it manually.

    Can anyone tell me what setting automatically empties the quarantine?

    Thanks for any comments, suggestions, or help.

    Roger Folsom
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    When you cleaned the intrusions, was the setting on delete in demand scan maybe?
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The quarantine does not empty itself, Roger; it would have to be purged manually, unless you have the below setting checked as per screenshot. This may explain why your quarantine is now empty.
     

    Attached Files:

    Last edited: Apr 2, 2010
  4. rnfolsom

    rnfolsom Registered Member

    Cudni:

    I don't think so, because the demand scan found and cleaned the intrusions on its first and only run --- I didn't have to tell it to clean them manually --- and I did see the quarantine list of 58 alleged intrusions shortly after the demand scan was completed. Unless I deleted them by accident without realizing that I had done so (see Siljaline's post immediately after yours), they disappeared sometime after I had exited the demand-scan.

    In any case, my demand scans use the "In-Depth" profile, and I don't see anywhere in the "Advanced Setup Tree" to set that to delete instead of quarantine.

    Of course, there may be a "delete instead of quarantine" setting somewhere, and I don't know where to find it. At the moment, I don't see where to edit the "In-Depth" profile settings (or any other demand-scan profile).

    Roger Folsom
     
  5. Cudni

    Cudni Global Moderator

    Is there nothing in the log, no mentions of detections?
     
  6. rnfolsom

    rnfolsom Registered Member

    Siljaline:

    Congratulations! You got it. In my Tools, Quarantine, "Rescan quarantine after every update" is checked.

    And apparently, "rescan" includes deleting any false positives that NOD32 quarantined in error, although the ? help says only that "Re-scan quarantined files after every update [means that] all quarantined objects will be scanned after each virus signature database update."

    Despite help's incomplete information, removing false positives from Quarantine does make some sense, provided that genuine threats are not removed.

    In my case --- see the latest posts, perhaps beginning with #12, in the "JS/EXploit.CVE-2010-0806 trojan on Yahoo!" thread --- apparently all of my JS/EXploit.CVE-2010-0806 intrusions were false positives.

    But that does not mean that all JS/EXploit.CVE-2010-0806 intrusions are false positives; some are real malware, based on my understanding of Marcos's posts in that thread (beginning with #12, although it wouldn't hurt to see also #1-#11).

    Just to be on the safe side, my own and my wife's computers will get new demand-scans later today.

    Thanks very much for telling me about that re-scan setting. I think I will uncheck it, and rely on manual deletions of quarantined threats, be they false or real, because it's a real nuisance to describe unexpected intrusions for a post either here or at Eset when the intrusion information has disappeared!

    Roger Folsom
    ________________________________________________________________

    P.S. In Tools, Scheduler/Planner, the first option is Log Maintenance, which in my case is checked, "Task is run every day at 6:00 p.m.", with "No Specific Settings," and it did run yesterday (April 1 but this is not a joke) as scheduled.
    With absolutely no idea about what "Log Maintenance" does, I had thought that Log Maintenance might clear the Quarantine list.

    In the Advanced Setup Tree, Tools, Scheduler, Scheduler/Planner says that "The system contains essential scheduled tasks to ensure its correct functionality. These should not be altered, and are hidden by default." And "Show system tasks" is checked.

    The ? help says "By default, some system tasks are not displayed. For instance, there are tasks which automatically maintain the system logs. You can enable viewing of these tasks in the Scheduler section, and reconfigure these tasks if necessary. An example of a system task is Maintenance of the system logs. The task may eventually be configured to meet user's needs."
    What that last sentence means, I know not. And so I have no idea what checking "Log Maintenance" does. Maybe nothing, at least in NOD32 4.0.474.
    Therefore, I'll leave "Log Maintenance" and "Show system tasks" checked.
     
    Last edited: Apr 2, 2010
  7. rnfolsom

    rnfolsom Registered Member

    Yes, there is nothing in the Tools, Quarantine list, and nothing in the Tools, Log files, Detected Threats list, apparently because all of the "infiltrations" were false positives. See the link to the "JS/EXploit.CVE-2010-0806 trojan on Yahoo!" thread in my post to Siljaline.

    However, the Tools, Log files, Events list, and especially the On-demand computer scan list, do show things that have happened, including the On-demand scan of 30 March --- highlighted in red --- that found all the "infiltrations" that apparently were false positives.

    Roger Folsom
     