Clean, Quarantine, or Delete?
As an example, if you instruct your antivirus software to delete all infected files, those that were infected by a true file infecting virus could also be deleted. This could impact the normal features and functionality of your operating system or programs you use. On the other hand, antivirus software can't 'clean' a worm or a trojan, because there is nothing to clean - the entire file IS the worm or trojan. Quarantine plays a nice middle ground, because it moves the file to safe storage under control of the antivirus program - so it can't harm your system - but it's there in case a mistake was made and you need to restore that file.
To recap:
Clean: attempts to remove the infection from the file. This is only pertinent to virus behavior, wherein a legitimate file has been 'infected' with non-legitimate (usually viral) code. Quarantine: attempts to move the file to a safe location that is managed by the antivirus software. Delete: Removes the file completely from the system.
Generally speaking, if it's a worm or trojan then the best option is to quarantine or delete. If it's a true virus, the best option is to clean. However, this assumes you are actually able to distinguish exactly what type it is - which may not always be the case. The best rule of thumb is to proceed from safest (from a recovery standpoint) to least safest (files are gone forever).
Start with the 'clean' option. If the antivirus scanner reports that it cannot clean the file, then choose 'quarantine'. Only choose 'delete' if (a) the antivirus scanner specifically recommends it*, or (b) you're absolute certain that it's not a legitimate file, or (c) there's just no other option.
*It's worthwhile to check the settings in your antivirus software to see what options have been preconfigured and adjust accordingly.
Comments
that was a nice bit of info–the small things one never thinks about or learns of. I hope I never need to choose which option to use, but,thanks to you I’ll at least be able to decide intelligently.
Thanks!
i have a trojan on my pc and it won’t let me clean,Quarantine or delete it what is the best thing to do.
LEE wrote:
“i have a trojan on my pc and it won’t let me clean,Quarantine or delete it what is the best thing to do. ”
The trojan has the control so you have first remove it from the memory. To do this you have to do the following:
Check the filename of the trojan and look for the list of the Task Manager. If found, stop it and remove all the source and all the references from the Registry and INI files too.
If removed from memory, you will be able delete it.
Most antivirus software will treat the “clean” option as a “delete” when it comes to worms and trojans. Deleting infected files can be a bad thing also, as a new variant may be deleted before it is fully understood. e.g. a new variant may be found on your system and detected “generically”. If this is deleted before the new variant is analysed and the effects can be reversed and added in a newer signature file for your AV software, the next scan will not be able to reverse the damage, as the malware will not be found to initiate the clean routine. This can leave other files and registry remnants which will never be cleaned on your system.
I set my software to “Clean” on the first action and “Deny Access/Continue” as the second action. I can then decide to wait for an update from my virus vendor, or manually remove the virus.
I don’t like quarantine, because quarantine can also move infected system/program files which can disable software too. However, it does offer a degree of greater protection against viruses that alter or manipulate data in documents or spreadsheets, though these types of viruses are now rare.
I have antivirus.But dont know about the correct meaning og the above options.but i understand about it.right now.
thank u
This is a very good info about proper ways of handling virus.Thanks
That was a nice and informative bit.Really useful.It happened to me that many of my exe files got infected by a virus(virut),i hope so..i moved to quarantine..I wish if i could retrieve it
Hi. Once my anti-virus program automatically quarantines a virus, is it best just to leave it in there? Should I press “delete” on the risk instead? What does the “export” button do?
So yeah, what’s the smartest decision to make: leave it quarantined, or just delete it :S
thanks