
Questions concerning NIS 2009 Quarantine.

Hi there:

Performed a Full System Scan yesterday and noticed one infected item which NIS promptly moved to Quarantine.

However, the actual file was not to be found, so here are my questions -

1) If a Virus/Malware, etc. is detected by the NIS 2009 real-time engine is it automatically deleted? If so, how?

2) Let's say that upon a scan, NIS 2009 finds a file type like the above, where is it actually placed in Quarantine? 

3) Let's say that I am downloading/loading a file that NIS 2009 deems suspicious, but I know to be safe, how can I override?

Your clarification would be appreciated.

TIA,

Plankton :0)

Message Edited by Plankton on 07-29-2009 10:59 AM
      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8

Replies

Accepted Solution

Re: Questions concerning NIS 2009 Quarantine.

1) If a Virus/Malware, etc. is detected by the NIS 2009 real-time engine is it automatically deleted? If so, how?

The action against a threat depends on the risk level of the threat. Whenever the Norton program detects high-risk items and medium-risk items, it may quarantine or remove those files depending on the severity of the threat associated, since its presence may affect the protection of the computer. In most cases, Norton AntiVirus automatically repairs virus-infected files or automatically deletes files that are infected by a worm or a Trojan after the scan. If it cannot successfully repair a virus-infected file, then it attempts to delete the file. A successful deletion bypasses the Windows Recycle Bin and completely removes the file from the hard drive. If it cannot delete the file, then it denies access to the file to make sure that the file cannot infect the computer by placing the file in Quarantine. For data safety, Norton AntiVirus is preset to make a backup copy of a file before attempting a repair/remove.

2) Let's say that upon a scan, NIS 2009 finds a file type like the above, where is it actually placed in Quarantine? 

Quarantine is a special, protected area of Norton AntiVirus. Files in Quarantine cannot interact with the rest of your system. If files in the Quarantine are infected, then the virus, worm, or Trojan cannot spread. This means that if an infected file is part of a legitimate software program, then that software program will not have access to the quarantined file. So, you are totally safe.

3) Let's say that I am downloading/loading a file that NIS 2009 deems suspicious, but I know to be safe, how can I override?

If you are confident that those files/folders are not security issues, disable the AutoProtect and download it. Then exclude those files/folders from Auto-Protect Scan and Manual Scan through Exclusion List, so that Scheduled Scan/Full System Scan ignore those files in future and won't move them to Quarantine. You can re-enable AutoProtect after this.


Re: Questions concerning NIS 2009 Quarantine.

Hi yogesh_mohan:

Superb reply!

Just one technical point ...

If NIS 2009 "deletes" the affected file, how is it determined that it is *actually* deleted?

From an Operating System standpoint, the only thing that you are doing is removing the "pointer" to a file on the HDD.

Does it overwrite the actual sectors that the file is stored on with a DoD type erasure pattern?

If so, NIS would need to know about disk geometry and I don't think it goes that far.

Thank you.

Plankton :0)

Message Edited by Plankton on 07-29-2009 01:11 PM

Re: Questions concerning NIS 2009 Quarantine.


Plankton wrote:

Hi yogesh_mohan:

...

If NIS 2009 "deletes" the affected file, how is it determined that it is *actually* deleted?

From an Operating System standpoint, the only thing that you are doing is removing the "pointer" to a file on the HDD.

Does it overwrite the actual sectors that the file is stored on with a DoD type erasure pattern?

If so, NIS would need to know about disk geometry and I don't think it goes that far.

Thank you.


It's just a standard operating system call to delete. If somebody were to use, say, Norton Unerase, to recover the file immediately after the deletion it probably would still be there but would immediately be caught again when unerased.

Reese Anschultz, Senior Software Quality Assurance Manager, Symantec Corporation
