Question about Dr.Web Quarantine

Discussion in 'other anti-virus software' started by jjmac10, Mar 19, 2007.

Thread Status:
Not open for further replies.
  1. jjmac10

    jjmac10 Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    16
    Location:
    Illinois, USA
    I am considering a trial of Dr.Web but I have this concern. I have read the downloadable PDF manual and in the section about the quarantine (infected!!) area, there is NO reference to the abilty to RESTORE a file to it's ORIGINAL location.

    This seems to me to be problem if the file turns out to be a False Positive, especially for buried SYS files that have complex or hidden restore paths.

    I would appreciate comments or workarounds from Dr.Web users on this matter.

    JJ
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    There is no GUI driven quarantine function currently in Dr Web that would allow this to happen. However, Dr Web is being rapidly improved; Dr Web 5 will be here shortly and in the mean time we are given enhancements one at a time. Version 5 will have this feature, as well as many others.
     
  3. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Which is why I (and others) use following settings in Scanner & Spider Guard:
    Under "Actions":
    Infected Objects: Cure
    Incurable objects, Suspicious Objects, (and others): Ask OR Report.
     
  4. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    I just use Lock, that way I can check for myself w/o it doing damage to the system or other on the internet.
    But then again that is when I am actually using an AV. :ninja:
     
  5. jjmac10

    jjmac10 Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    16
    Location:
    Illinois, USA
    Please explain the lock method in more detail. The manual says that it prevents the system from using the file. What exactly can be done with "Locked" Files? (Copy, Move, Etc?)

    This seems to be a good alternative to Quarantine, IF one can go back and unlock the file if it can be determined that it was a FP.

    For example, I get a file reported as INFECTED. I "LOCK" it and then I wish to access the file to submit to VirusTotal. Do I need to "Unlock" it to do this?


    Also, If one uses the Quaratine with Dr.Web since it has NO restore, does the LOG provide COMPLETE PATH information so that a MANUAL restore could be done with success?

    The lack of an automatic restore does pose some problems, I am just trying to come up with safe and workable alternatives.

    JJ
     
  6. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Per the manual:
    As well as:
    As an easy workaround, I just would not enable "lock" on any of the "action" options. Rather opt for "Ask" or "Report", or if it's your kids' machine (and prefer no user interaction), opt for "Rename" or "Move".

    Cheers
     
Loading...
Thread Status:
Not open for further replies.