Can I delete quarantined files/objects?

Ardmore

 

Thank you for your response. I think you have a point. Certainly the wording is far from good. In particular across two sentances it would seem the writer differentiated between "complete protection" and "maximum protection" which I would not agree with. Also "your protection features" will cause confusion as to its meaning since it is not "I" that has protection features but rather NIS, so the writer perhaps meant to say "However, you should ensure that the following protection features are turned on...."

 

I agree that I do tend to have different takes on wording. That applies not just to help files but alas to messages in this forum!

 

As for compressed files scanning, I would always suggest leaving the setting to default i.e. compressed files should be scanned, rather than waiting for the content within any compressed file to be decompressed or decompressed and executed.

 

However, the question it seems to me is 'how to improve the product going forward?'. I don't think one can just rely upon your comments or others in this forum. Rather I suggest that it is the beta program that needs to be developed so that such useful comments can be taken account of during the development stage and prior to the products release.

Sorry this is late (been tied up on work) but a few points to note here:

 


mijcar wrote:

D, a couple of clarifications.

 

First, my post was mostly about the UNhelpfulness of Norton's Help menus.

Agreed.  The Help file could and should be much more comprehensive.

 

Second, one of the options actually is "delete the file"; you just don't usually get it.

The user of the 2009 / 2010 consumer products only gets the "Delete the File" option if the file is a questionable Quarantined object.  For a confirmed Risk object, it is done automatically from the "Remove from History" option.

 

Third, it does appear that what is being offered the use is the chance to restore a cleaned-up previously-infected file.  So there would be good reason to remove it from history WITHOUT actually deleting the file -- assuming the user actually wanted to use it.  I will add that this situation has occurred to me.  Very seldom, yes, but it has occurred:  a time I needed the information so badly that I risked openning the file once it was supposedly cleaned.  So, not only is there a different grammatical implication between "delete the file" and "delete the log entry"; there is also a different situation to which each applies.

If one removes the file from History then there is no way to restore the file from Quarantine.  Why would you want to have a file "locked" on your hard drive with no way to actually (programmatically) remove the file?  Since Norton does not let the user have any real access to the actual files in Quarantine, the "Remove from History" will delete the file instead of leaving the file in 'limbo' on the user's hard drive. 

 

Fourth, are you certain the file is actually off your computer?  And if that one is, what about files that have been cleaned up?  Why would Norton delete them unless specifically told to?

The file is most certainly off the computer; even in Quarantine, the file has no access to your system, so it is already removed, so to speak.  Norton does not delete anything from the Quarantine area automatically; only on the user's command but then it will not let the user do something to harm their system.

 

Do you see the problem.

I think so.

 

What I want -- and what I think users deserve -- is what NIS used to offer:  A clear quarantine manager that gives me a display of quarantined items and allows me to point and choose an action, once of which would be to delete.

Don't think this will happen as this used to allow the users the ability to compromise their system.

 

Second best would be a pop-up that when I point an action tells me all the consequences of that action.  For example, if you're right about deleting a log entry also deleting the file, then when I point at "delete log entry" there should be a pop-up that says "deleting this log entry will also result in deleting the file."

Again, in the new versions of Norton, deleting the log entry in the History / Quarantine area also removes the quarantined file(s).  Without the log entry, there is no way to restore the file(s) so Norton will not keep them locked but unaccessable on the hard drive.


 


mijcar wrote:

....

Here it tis:

 

I have just received an email from a friend.  He is sending me a copy of a tax file I urgently need.  The file is large.  He has .........


Norton does not scan inside zip files automatically.  You would have to save the file on your file system (outside of email client) and then access it.  Auto Protect would then (if you are unzipping the file) come and remove ONLY the virus, leaving the data and other files intact.  The same would happen if you right clicked on the file (once on the file system) and did a manual scan.


dbrisendine wrote:
...Norton does not scan inside zip files automatically.  You would have to save the file on your file system (outside of email client) and then access it.  Auto Protect would then (if you are unzipping the file) come and remove ONLY the virus, leaving the data and other files intact.  The same would happen if you right clicked on the file (once on the file system) and did a manual scan.

Wait!  I thought I had it, then you said this.

 

How did the following occur?  I never open or save attachments on email in this account (although my memory could be going, or I suppose I might have accidentally clicked ...?)

 

Example 1.jpg

 

So where is the original-but-cleaned-up nz.zip?  I looked everywhere and I couldn't find it.  Which is, in its way, good; because I shouldn't have been able to find it -- read on.

 

 

 

Of greater concern is the following:

 

Example 2.jpg

 

You see, both of these images is from my wife's computer.  Her NIS is set to delete contaminated Zip files.  Why is there an option to restore the file?  Does it really still exist?

 

 

I think you are beginning to see the problem.  If I -- with years of editing and coding and working (outside of teaching hours) with computers and even developing software -- can not figure out what Norton is actually saying and what is actually going on, then how can the ordinary user do so, with even less experience navigating Help information that has been translated into impassable English from heaven knows what original language?

 

Believe me, Dbris, I appreciate your attempts to clarify.  But my own sense is that you and I, despite your best efforts, still constitute two blind men (1 1/2 if you insist) trying to feel our way through this stuff.

 

 

That's interesting; I've never seen NIS2010 scan a zip file automatically before at all.  However (and the mystery deepens here), one of the 'fixes' in 17.1.0.14 is listed as

 

4. What are the changes in this release?

- Corrected an issue with Quarantined files that occasionally prevent upgrading to 17.0 from older products.
- Updated Norton Insight to enhance its effectiveness.
.........

 

I wonder if that meant File Insight or Download Insight or Norton Insight (scanning Trust levels)?  If you find out, let the rest of us know.


mijcar wrote:

I've noticed that not a single threat that NIS has quarantined on my computer has the option to be deleted.  Why is this?  It appears that Norton has decided that since the threat is resolved, I would want to keep the file in question.  This is absurd.  How many people would be receiving a file they really want that just happens to be infected with malware?  Hogwash.  If I get malware, it was probably sent automatically from an infected machine; and I have no interest in the file.  In fact, I don't want it creating an ever-growing quarantine folded just wasting space on my computer.

...

 


This thread is still unresolved.

 

There has been a lot of input but not a single response by Symantec personnel.

 

One poster has indicated that when a log item is removed from history, the file it refers to is deleted from Quarantine.  But there is absolutely nothing in Norton documentation that supports this; and alas I am not able to replicate that poster's own research.  In fact, Norton documentation is very specific:  It states that to remove an item from Quarantine, the user must choose a DELETE FILE option!

 

My situation is quite simple.  I am accumulating a lengthy list of actions recorded in history.  I like to clean up this log every so often; but before I do that, I want to make certain that all the Quarantined items to which it refers are also removed from my computer.  I have no need for them; I simply want them gone.

 

Now that is eminently reasonable.

 

But my simply query has resulted in a torrent of mishmash.

 

Here is where I want someone from Symantec to step in and give us all accurate information.

 

1.  When a user gets a report in History that a HIGH SEVERITY Backdoor.Trojan was detected as an email attachment and was quarantined by NIS, is that what actually happened?

 

I ask this because I have been unable using a deep search (hidden and system files) to find the referenced file anywhere.  Also, I am concerned because this decision by NIS is in violation to my NIS settings in which I configured NIS to "remove infected compressed files".  So, why aren't they being removed?  Or if they are, why does history report that they are quarantined?  And, if they are quarantined, where are they?

 

2.  According to the Help files, I can delete a file from Quarantine, by opening Quarantine or History, clicking on the file that was Quarantined, clicking on Options, and clicking on DELETE THIS FILE.   But I don't get that option when I follow that course.  Is the file already deleted?  What happens to the file if I click "DELETE THIS FILE FROM HISTORY". Note what is in bold and what isn't.  That is how the option is printed.  It seems to be making a real clear point:  this file will be deleted from history, not from quarantine.

 


My impression is that this is Symantec's version of fine print in a contract.  As long as we depend only on each other for answers to the above questions, and as long as no one from Symantec confirms or denies anything about these questions, than Symantec is not legally liable regarding anything that might happen if we follow another poster's advice.  "Well, Ladies and Gentlemen of the Jury, there are hundreds of thousands of posts and we just never saw this particular thread.  The claimnant is right that the information and advice offered by other posters is incorrect; but it is not our fault that he followed that advice.  Had we seen it, of course we would have corrected it."

 

Let me point out that the Help files themselves do constitute a basis for legal liability.  If I were to have a problem because I did follow the advice in the Help files, then a case can be made that Symantec can be held liable.  Moreover, because Symantec itself has written me directly about my posts in that thread, questioning my "attitude", that is sufficient in itself to establish that the thread has been brought to their attention and that they did see enough of the contents to be aware of what was being said.  Symantec is no longer in a position to establish "plausible deniability".

 

I realize that I am opening myself to official forum reprisal.  Worst case is that I get banned from here and have to come back in another personna.  Banning me should itself be a violation of my contractual rights since this Forum's availability is part of my contract with Symantec when I use a contemporary Norton product.  Nor am I a radical trying to disrupt the normal proceedings of this Forum.  I have simply posed a question that in and of itself has proven controversial -- in that there have been a number of different interpretations of the situation.  I did not cause that controversy.  In fact, I am only seeking an end to it.

 

Last, I have tried to maintain an amicable attitude about all this; and even now I am seeking to maintain one.  This is a forceful post designed to get attention and a response.  I still enjoy my Symantec product and wish to continue what up to now has been a friendly relationship with the company and in particular its representatives on this forum.

It's been seven days.

 

Does Symantec have an answer?

The reason you don't get a Symantec answer on this is that you have been answered already.  Whether or not you like it, the facts are the same.  You could email Customer Support and see if they will give you a written responce.

 

http://www.symantec.com/norton/support/contact/contact.jsp?selected_nav=6&pvid=cs


dbrisendine wrote:

The reason you don't get a Symantec answer on this is that you have been answered already.  Whether or not you like it, the facts are the same.  You could email Customer Support and see if they will give you a written responce.

 

http://www.symantec.com/norton/support/contact/contact.jsp?selected_nav=6&pvid=cs


That doesn't make sense, Dbris.  How can you say I've been answered?  I've read through these posts and I've not seen a single answer from Syamntec.  Just because one or two posters think they have an answer doesn't mean they are right.  Heaven knows I've posted what I've thought was a right answer only to later have Symantec say otherwise.

 

Have I missed the post with the answer?  I really can't see it anywhere.

Hi mijcar:

 

After reading this thread, twice, I would agree that you have not been answered to your satisfaction or mine, for that matter.

 

If you examine some of my earlier posts, I questioned the rather poor design of the self contained help system and it's limited interface to other resources on Symantec's website. I too, have never received a response from the company. It's kind of comical, since this closely relates to yesterday's post on the nature of terminology and layout regarding Symantec's website as a whole.

 

Additionally, when I look at "Remove From Security History," it is not the same (to me) as actually stating that it *will* be removed from your system via Quarantine. This may be implied, but not actually stated, which only adds confusion into the mix. Why an infected file would be placed in Quarantine, yet "removed" from Security History (note the wording) is a bit bewildering, IMO.

 

If NIS is a product that is marketed to the masses, a user friendly approach is key, else position it toward technical users.

 

Norton 360 is a bit better in this respect, IMHO, but it doesn't have the flexibility of NIS which is an unfair tradeoff.

 

As much as I like NIS (and I really do) there is much work to be done in polishing this product, I would think.

Message Edited by Plankton on 11-19-2009 11:00 AM

Again, in the new versions of Norton, deleting the log entry in the History / Quarantine area also removes the quarantined file(s).  Without the log entry, there is no way to restore the file(s) so Norton will not keep them locked but unaccessable on the hard drive.

dbrisendine


 

This is a reasoned and logical response, but should it be necessary that the user logic out what the results of his choices are, without a clear understanding of how those choices are presented, and what other choices are available?

 

I am in full agreement with Mijcar in his statement:

 

"Nothing is more important in the interface between product and user than the correct and clear usage of words!"

 

 

I don't think that Mijcar is being argumentative.  He is stating a fact that the documentation and the results of the choices are unclear.  It does not matter what we know or think we know or believe.  It only matters that the average user can go to the help documentation and find an absolutely crystal clear answer to his or her question. 

 

Many of us on the forum have stopped and looked at some part of any Norton product, as well as many others on the market and wondered what in the world the instructions actually mean.  Sometimes the choice is made by guessing.  I  disapprove of that necessity.  There must have been a determination made somewhere along the way to present the choice as "Remove from History" rather than "Remove", "Delete", or "Eradicate this threat permanently."

 

I believe that clarification should be provided on this question.  It is inappropriate that questions regarding the actual functioning of the program remain unanswered, or answered unsatisfactorily. 


delphinium wrote:

Again, in the new versions of Norton, deleting the log entry in the History / Quarantine area also removes the quarantined file(s).  Without the log entry, there is no way to restore the file(s) so Norton will not keep them locked but unaccessable on the hard drive.

dbrisendine


 

This is a reasoned and logical response, but should it be necessary that the user logic out what the results of his choices are, without a clear understanding of how those choices are presented, and what other choices are available?

 

I am in full agreement with Mijcar in his statement:

 

"Nothing is more important in the interface between product and user than the correct and clear usage of words!"

 

 

I don't think that Mijcar is being argumentative.  He is stating a fact that the documentation and the results of the choices are unclear.  It does not matter what we know or think we know or believe.  It only matters that the average user can go to the help documentation and find an absolutely crystal clear answer to his or her question. 

 

Many of us on the forum have stopped and looked at some part of any Norton product, as well as many others on the market and wondered what in the world the instructions actually mean.  Sometimes the choice is made by guessing.  I  disapprove of that necessity.  There must have been a determination made somewhere along the way to present the choice as "Remove from History" rather than "Remove", "Delete", or "Eradicate this threat permanently."

 

I believe that clarification should be provided on this question.  It is inappropriate that questions regarding the actual functioning of the program remain unanswered, or answered unsatisfactorily. 


Thank you.

 

And what's more, you said it even better than I did.

 

So, thank you again.

So it gets even more confusing:

 

Today my Eicar test virus was found and quarantined.

 

As an experiment, I restored if from quarantine, then immediately deleted it using the shift-delete option so it wouldn't end up in the recycle bin.  Guess what:  A copy of it is still sitting in quarantine available to be restored again and again and again ...

 

How do I make sure that the copy is actually removed from quarantine.  My suspicion is this:

1.  Removing a history entry leaves the file encoded in quarantine.  The developers conviction is that without the access provided by the history entries, no one will be able to access this file so it is "as good as" deleted.

2.  But what if

a) I made a copy of my history logs folder

b) I remove the history entry

c) I replace the current history logs folder with the previous one.

Will I now "find" the old entry and will that old entry give me access to the malware?

 

So back to my original question:  Does removing an entry actual delete the file from its compressed, encoded quarantine file; or does it leave it in there will the assumption that no one can now get at it?