Quarantine question

Discussion in 'ESET NOD32 Antivirus' started by xwray, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. xwray

    xwray Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    46
    For the first time since I have been surfing the internet since allgore invented it, an attempt to infect my machine happened last night. NOD popped up a couple of alerts and put the files in quarantine with no harm done but I realized that I don't really know what that means. What actually happens to a file that is quarantined - does it get moved to a "holding" area, have it's atributes adjusted, or what. Are they somehow disabled from executing if one was to accidently doulble click on one?

    I then went to the quarantine tab and clicked on remove but I don't even know what that actually means - are they deleted at that point like any other file that you would deliberately delete or is whatever that was done to put them in the quarantine state in the first place removed leaving the files on the drive?

    Any help in understanding the system level mechanics of quarantining and removing from quarantine would be most appreciated.

    thanks
     
  2. xwray

    xwray Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    46
    Anyone?
     
  3. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Yes

    Yes. If you Restore them it puts them back where they came from.....
     
  4. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    When NOD32 quarantines a file all it does is make an encrypted copy of the file leaving the original file in place. To quarantine a file is not an action in itself, it's the result of an action.

    If the action that was performed on the file wasn't "Delete" or "Terminate", or if the file was in an area NOD32 could not remove it from, the threat is still on the machine and will have to be deleted manually.

    BFG
     
Thread Status:
Not open for further replies.