1. Technology
You can opt-out at any time. Please refer to our privacy policy for contact information.

Clean, Quarantine, or Delete?

By March 11, 2007

Follow me on:

If your antivirus encounters an infected file, there are generally three options available: clean, quarantine, or delete. If the wrong option is selected, the results can be catastrophic. And if it's a false positive, such a mishap can be even more frustrating and damaging.

As an example, if you instruct your antivirus software to delete all infected files, those that were infected by a true file infecting virus could also be deleted. This could impact the normal features and functionality of your operating system or programs you use. On the other hand, antivirus software can't 'clean' a worm or a trojan, because there is nothing to clean - the entire file IS the worm or trojan. Quarantine plays a nice middle ground, because it moves the file to safe storage under control of the antivirus program - so it can't harm your system - but it's there in case a mistake was made and you need to restore that file.

To recap:

  • Clean: attempts to remove the infection from the file. This is only pertinent to virus behavior, wherein a legitimate file has been 'infected' with non-legitimate (usually viral) code.
  • Quarantine: attempts to move the file to a safe location that is managed by the antivirus software.
  • Delete: Removes the file completely from the system.
  • Generally speaking, if it's a worm or trojan then the best option is to quarantine or delete. If it's a true virus, the best option is to clean. However, this assumes you are actually able to distinguish exactly what type it is - which may not always be the case. The best rule of thumb is to proceed from safest (from a recovery standpoint) to least safest (files are gone forever).

    Start with the 'clean' option. If the antivirus scanner reports that it cannot clean the file, then choose 'quarantine'. Only choose 'delete' if (a) the antivirus scanner specifically recommends it*, or (b) you're absolute certain that it's not a legitimate file, or (c) there's just no other option.
    *It's worthwhile to check the settings in your antivirus software to see what options have been preconfigured and adjust accordingly.

    Comments
    March 14, 2007 at 4:09 pm
    (1) Efmesch says:

    that was a nice bit of info–the small things one never thinks about or learns of. I hope I never need to choose which option to use, but,thanks to you I’ll at least be able to decide intelligently.
    Thanks!

    March 30, 2007 at 7:35 pm
    (2) LEE says:

    i have a trojan on my pc and it won’t let me clean,Quarantine or delete it what is the best thing to do.

    May 2, 2007 at 5:02 pm
    (3) Gabor says:

    LEE wrote:
    “i have a trojan on my pc and it won’t let me clean,Quarantine or delete it what is the best thing to do. ”

    The trojan has the control so you have first remove it from the memory. To do this you have to do the following:
    Check the filename of the trojan and look for the list of the Task Manager. If found, stop it and remove all the source and all the references from the Registry and INI files too.
    If removed from memory, you will be able delete it.

    May 2, 2007 at 9:04 pm
    (4) Robert says:

    Most antivirus software will treat the “clean” option as a “delete” when it comes to worms and trojans. Deleting infected files can be a bad thing also, as a new variant may be deleted before it is fully understood. e.g. a new variant may be found on your system and detected “generically”. If this is deleted before the new variant is analysed and the effects can be reversed and added in a newer signature file for your AV software, the next scan will not be able to reverse the damage, as the malware will not be found to initiate the clean routine. This can leave other files and registry remnants which will never be cleaned on your system.
    I set my software to “Clean” on the first action and “Deny Access/Continue” as the second action. I can then decide to wait for an update from my virus vendor, or manually remove the virus.
    I don’t like quarantine, because quarantine can also move infected system/program files which can disable software too. However, it does offer a degree of greater protection against viruses that alter or manipulate data in documents or spreadsheets, though these types of viruses are now rare.

    December 1, 2008 at 2:25 am
    (5) Amaldev says:

    I have antivirus.But dont know about the correct meaning og the above options.but i understand about it.right now.

    thank u

    January 26, 2009 at 4:07 am
    (6) Sakeenah says:

    This is a very good info about proper ways of handling virus.Thanks

    May 19, 2009 at 9:00 am
    (7) Manila says:

    That was a nice and informative bit.Really useful.It happened to me that many of my exe files got infected by a virus(virut),i hope so..i moved to quarantine..I wish if i could retrieve it

    June 22, 2009 at 1:51 am
    (8) GEEGEE says:

    Hi. Once my anti-virus program automatically quarantines a virus, is it best just to leave it in there? Should I press “delete” on the risk instead? What does the “export” button do?

    So yeah, what’s the smartest decision to make: leave it quarantined, or just delete it :S
    thanks

    October 19, 2009 at 6:14 am
    (9) SIVANESAN S says:

    Here is the most important explanation abut the harmness &remedies of the worms & trojan then hw it can b quranti’d &clead or removed

    October 23, 2009 at 11:45 am
    (10) jeanne says:

    I have CA Security Center, and it has picked up a “trojan” and states that it is detected and killed. What’s the difference between killed and quarantined?

    July 5, 2010 at 5:30 pm
    (11) Adriana says:

    Thank you very much for the information

    October 30, 2010 at 2:16 pm
    (12) Leon says:

    I own a copy of BitDefender. It announced I had a virus in my Outlook PST file. I decided to quarantine it. Went to bed, in the morning the file had dissappeared. Looked up quarantine in BitDefender. It uses a memory resident file instead of storing it. The file is gone, and cannot be retrieved.
    Leon

    December 27, 2010 at 4:03 am
    (13) Arun says:

    Do every antivirus scans and makes a log of correct file properties(especially for app) in a system….so invalid changes made(by virus) eaisly detected?

    And thanks for above info…really a must info.

    January 15, 2011 at 3:56 am
    (14) redkar says:

    how can I get back quarntined file

    August 19, 2011 at 11:42 pm
    (15) Cradonale says:

    Thansks for the info, i don;t knew about that, that really helped.

    December 3, 2011 at 7:55 pm
    (16) Jeff Schumacher says:

    Helpful info= thank-you

    Leave a Comment

    Line and paragraph breaks are automatic. Some HTML allowed: <a href="" title="">, <b>, <i>, <strike>

    ©2014 About.com. All rights reserved.