Quarantine function query

Dhruv2193

Have you ever come across security software that does not ask what is to be done with quarantined files while uninstalling? What happens to these files if the software does not ask for an action during removal?
 

Dhruv2193

Quarantined objects have been completely disabled by the AV, even if the quarantine folder is not deleted there is 0% chance malware can escape.
But why does this happen? After removal, won't the restrictions placed by the antivirus be removed?
 

roger_m

But why does this happen? After removal, won't the restrictions placed by the antivirus be removed?
Quarantined files are usually encrypted, stored in a hidden folder and don't have an exe extension. Even if this was not the case and the files were stored without being encrypted and still had the .exe extension, they would be harmless unless you actually opened the quarantine folder and manually opened some of the files.
 

RoboMan

But why does this happen? After removal, won't the restrictions placed by the antivirus be removed?
I think you're thinking of quarantine as a malware jail, but it's not.

Once a file is detected as malicious and "moved to quarantine", what really happens is that the antivirus deletes the file from its original location and then modifies it (call it permissions, strings) so that it is NOT able to run as a program/executable. This modified file is moved to the hidden folder mentioned by @roger_m, which nobody can access. If you then choose to empty quarantine, this folder and its contents are deleted for good.

If upon uninstall an antivirus doesn't let you choose what to do with quarantined objects (usually it should), then this folder will probably remain hidden, full of modified, harmless objects.
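
The quarantine steps described in the two replies above (remove the file from its original location, transform it so it is no longer a valid executable, drop the extension, store it in a hidden folder), sketched as an added example that is not part of the thread and not any antivirus product's actual format. The repeating-key XOR, the `.qtn` extension, the sidecar JSON and all function names are assumptions for illustration; real products use their own containers.

```python
import json
import secrets
import tempfile
from pathlib import Path

def xor_bytes(data: bytes, key: bytes) -> bytes:
    # Repeating-key XOR: a stand-in for whatever encoding a real product uses.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def quarantine(path: Path, vault: Path) -> Path:
    """Neutralise `path`, store it in `vault`, delete the original."""
    vault.mkdir(parents=True, exist_ok=True)
    # Non-zero key bytes guarantee every stored byte differs from the original.
    key = bytes(secrets.randbelow(255) + 1 for _ in range(16))
    blob = vault / f"{secrets.token_hex(8)}.qtn"   # no executable extension
    blob.write_bytes(xor_bytes(path.read_bytes(), key))
    blob.chmod(0o600)                               # no execute permission
    meta = {"original_path": str(path), "key": key.hex()}
    blob.with_suffix(".json").write_text(json.dumps(meta))
    path.unlink()                                   # gone from its original location
    return blob

def restore(blob: Path) -> Path:
    """Reverse the transform using the sidecar metadata."""
    meta = json.loads(blob.with_suffix(".json").read_text())
    target = Path(meta["original_path"])
    target.write_bytes(xor_bytes(blob.read_bytes(), bytes.fromhex(meta["key"])))
    return target

def demo() -> dict:
    """Quarantine a constructed sample file and report what is left on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = root / "sample.exe"
        payload = b"MZ constructed sample bytes, not a real program"
        sample.write_bytes(payload)
        blob = quarantine(sample, root / ".quarantine")
        result = {
            "original_removed": not sample.exists(),
            "header_intact": blob.read_bytes().startswith(b"MZ"),
            "extension": blob.suffix,
            "exec_bits": blob.stat().st_mode & 0o111,
        }
        result["restored_ok"] = restore(blob).read_bytes() == payload
        return result

if __name__ == "__main__":
    print(demo())
```

In this sketch, what an uninstall would leave behind is the `.qtn` blob, which is plain data until something reverses the transform.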
 

Dhruv2193

Quarantined files are usually encrypted, stored in a hidden folder and don't have an exe extension. Even if this was not the case and the files were stored without being encrypted and still had the .exe extension, they would be harmless unless you actually opened the quarantine folder and manually opened some of the files.
Thanks. Solved my query. But since Robbie mentioned that the files cannot be run as a program/executable, will manually opening them do anything malicious to the system?
 