General Question

What actually happens to those files that are "quarantined" or put into the "virus vault"?

Asked by anartist (14732 points ) June 3rd, 2010

Not much to add. Antivirus programs do it all the time and never explain. Are there leper colonies existing invisibly on my computer? Are the lepers from Spybot Search & Destroy in the same internment camp as Avast! rejects? Or are they just stripped of their last names and rendered helpless and left in place? Inquiring minds want to know.

9 Answers

YARNLADY's avatar

They sit there until you go in and delete them, unless your program is set to automatically delete them, depending on what type of antivirus software you are using.

anartist's avatar

@YARNLADY Well then, what makes them no longer a threat? The AV just “puts ‘em in the vault.”

YARNLADY's avatar

@anartist Yes, that is the whole point.

anartist's avatar

I thought that whatever it did, it rendered them harmless somehow. That is what I am curious about. One way to “put them in the vault” might be to change the ‘exe’ extension to ‘txt’. I’d just like to know.

Response moderated (Spam)
anartist's avatar

@manyu Why?
I am not dissatisfied with my AV utilities. I just want to understand this thing.

Lightlyseared's avatar

False positives are quite common so the files are quarantined so that you can get them back if they turn out not to be a virus.

It also allows the files to be submitted for further analysis to improve the scanning routine.

anartist's avatar

@Lightlyseared But WHERE ARE THEY?? And how are they quarantined? Just leaving them there unchanged would not seem to remove any potential threat.

Tobotron's avatar

@anartist Yarnlady didn’t actually answer the question at all… Of course, how the digital vault behaves is down to the software, but typically the AV software will alter the extension of the suspect file, e.g. changing a .exe to a .txt file, so it’s no longer so easily executable. It can then also do something that’s called sandboxing, where it essentially boxes it off digitally so it can’t tamper with the real Windows system. It can also encrypt the vault so a second virus can’t access, read and re-activate anything contained within it. Not to mention totally scramble any virus that might try to re-activate its extension.

As far as what’s termed false positives, that is where the AV software uses an algorithm to look for suspect behaviour; typically key generators for pirate software etc. can be viewed as a virus because of the way it alters software to make it ‘work’...
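
The following is an added example, not part of the original thread and not any antivirus product's actual code. It moves a file into a vault under a neutral name, stores the bytes XOR-encoded (a stand-in for the vault encryption Tobotron mentions), and keeps the original path and hash so a false positive can be restored as Lightlyseared describes. The `.quar` extension, the key and the function names are assumptions.

```python
import hashlib
import json
import os
from pathlib import Path

XOR_KEY = 0xA5  # constructed key; a stand-in for real vault encryption

def _xor(data: bytes) -> bytes:
    # Symmetric: applying it twice returns the original bytes.
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path, vault):
    """Move a suspect file into the vault in a non-runnable form."""
    src, vault = Path(path).resolve(), Path(vault)
    vault.mkdir(mode=0o700, parents=True, exist_ok=True)
    data = src.read_bytes()
    entry_id = hashlib.sha256(data).hexdigest()
    blob = vault / (entry_id + ".quar")   # neutral name, original name not kept
    blob.write_bytes(_xor(data))          # stored bytes no longer match the original
    os.chmod(blob, 0o600)                 # owner read/write only, no execute bit
    meta = {"original_path": str(src), "sha256": entry_id}
    (vault / (entry_id + ".json")).write_text(json.dumps(meta))
    src.unlink()                          # remove it from where it could be launched
    return entry_id

def restore(vault, entry_id):
    """Undo a quarantine, for example after a false positive."""
    vault = Path(vault)
    meta = json.loads((vault / (entry_id + ".json")).read_text())
    data = _xor((vault / (entry_id + ".quar")).read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("vault entry was modified; refusing to restore")
    dest = Path(meta["original_path"])
    dest.write_bytes(data)
    (vault / (entry_id + ".quar")).unlink()
    (vault / (entry_id + ".json")).unlink()
    return dest

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "suspect.exe"
        sample.write_bytes(b"MZ constructed sample, not a real program")
        eid = quarantine(sample, Path(tmp) / "vault")
        print("quarantined as", eid[:12], "original gone:", not sample.exists())
        print("restored to", restore(Path(tmp) / "vault", eid))
```
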
