Delete Quarantine Folder?

Hello all,

I was wondering what would happen if I deleted the contents of my Norton Quarantine folder? Is that a good idea? Bad idea?

 

Thanks! 

Hi CommMajor101,

 

If you delete the contents of the Quarantine folder, the files are gone permanently, not restorable, totally zapped!  The Quarantined files are harmless,  so the only real gain by deleting the contents is saving some space.

It is not recommended to delete files from the quarantine folder. Files removed from Quarantine are not placed in the Recycle bin. Removing files from Quarantine will permanently delete the files from the computer.

 

Suppose if excel.exe is infected. Norton product knows that this file is essential for the Microsoft Excel to work. So Norton product won't delete that file, instead it quarantines that file. Then you can still use your MS excel program. Now if you delete that file from quarantine, it will be permanently deleted from your computer and the Excel program will stop working. So do not delete any files from quarantine folder until and unless you are sure that the file is of no use.

 

Vineeth--

 

{I was typing here when Marty posted this message}

Message Edited by Vineeth on 05-26-2009 03:12 PM

CommMajor101 wrote:

Hello all,

I was wondering what would happen if I deleted the contents of my Norton Quarantine folder? Is that a good idea? Bad idea?

 

Thanks! 


Why in the world would anyone want to keep them?  :smileyhappy:

Obviously anyone would be a little paranoid about leaving files that had been infected on your computer. However, the fact of the matter is that while it is important to remove the threat (the actual virus, spyware, trojan, etc), the once infected files are often still necessary for your operating system and various other programs to function properly.

Message Edited by pexley on 05-26-2009 05:21 PM


Vineeth wrote:

It is not recommended to delete files from the quarantine folder. Files removed from Quarantine are not placed in the Recycle bin. Removing files from Quarantine will permanently delete the files from the computer.

 

Suppose if excel.exe is infected. Norton product knows that this file is essential for the Microsoft Excel to work. So Norton product won't delete that file, instead it quarantines that file. Then you can still use your MS excel program. Now if you delete that file from quarantine, it will be permanently deleted from your computer and the Excel program will stop working. So do not delete any files from quarantine folder until and unless you are sure that the file is of no use.

 

Vineeth--

 

{I was typing here when Marty posted this message}

Message Edited by Vineeth on 05-26-2009 03:12 PM

This is so wrong I don't know where to begin.

 

Quarantined is quarantined.  Nothing else but Norton is meant to have access to this file.  If an Excel component is found to bevirally infected, you don't want to use Excel.  Period.  Remove it and reinstall it.

 

The idea of a quarantine is that sometimes someone gets an MS Office document or a JPG or a sound file or a Zipped file that contains vital information.  If the data is important enough there are techniques for getting into the file and retrieving a large part of what is needed.

Sometimes, the original sender might want to see the quarantined file because he thought the file was innocent and wants to see if it really is infected.  And sometimes, you might want to confirm the infected state by sending the quarantined file off to be checked individually.

 

If none of the above apply, get rid of the darn thing.


pexley wrote:
Obviously anyone would be a little paranoid about leaving files that had been infected on your computer. However, the fact of the matter is that while it is good to remove the actual threat (the actual virus, spyware, trojan, etc), the once infected files are often still necessary for your computer to function properly.

Where is all this coming from?

 

You don't run your computer with infected files.  And if you have a whit of sense, you don't try to "fix" them.  You replace them.  They aren't in the same location.  They aren't referenced any more by the system they were once components of.  They are worthless, dangerous pieces of code.  You uninstall and reinstall a healthy product.

 

Unless something new under the sun has happened in the world of software and operating systems, the only good infected file is (ultimately) a deleted file.

mij,

 

Sometimes there are once infected files that simply need to remain in quarantine. What if a part of the windows registry got infected and norton was able to completely clean out the threat. Should I go ahead and reinstall my whole operating system?!

 

Really this is not a fair arguement. What you should do with files in quarantine depends on just what kind of file it is. If it lets say an infected word document, yeah, go ahead and delete it altogether. An infected file tied to your operating system that has been completely cleaned and fixed, consider taking it out of quarantine and restoring it. A file tied to a specific program, lets use the excel example again, it probably is a good idea to delete the file alltogether by uninstalling excel, checking the rest of your system for threats, and then reinstalling excel again.

I’m in agreement with Mij.  So far as I know, a quarantined file is not repaired or cleaned in quarantine, it is locked away from the system.  It is not accessible.  Once you have determined that a file is not a risk and restored it, or submitted it and received an answer, deep-six it.


pexley wrote:

mij,

 

Sometimes there are once infected files that simply need to remain in quarantine. What if a part of the windows registry got infected and norton was able to completely clean out the threat. Should I go ahead and reinstall my whole operating system?!

 

Really this is not a fair arguement. What you should do with files in quarantine depends on just what kind of file it is. If it lets say an infected word document, yeah, go ahead and delete it altogether. An infected file tied to your operating system that has been completely cleaned and fixed, consider taking it out of quarantine and restoring it. A file tied to a specific program, lets use the excel example again, it probably is a good idea to delete the file alltogether by uninstalling excel, checking the rest of your system for threats, and then reinstalling excel again.


Sorry, Pexley, but you don't know what you are talking about.  If your registry was sitting in quarantine, your computer wouldn't boot up.

 

If your registry had an infection removed, then the registry wouldn't be sitting in quarantine.

 

Quarantine is for files, not pieces of code.  The registry is a single file.  Pieces of it don't get placed in quarantine.

 

Talking about an infected registry is NOT the same as talking about an infected file.

An infected file is a file that initiates bad behavior by being opened in some way.  Most of these files have to be executable files.  A few of these are files like office documents that contain miniprograms called 'macros" or media files that have embedded instructions to certain players and use the players to indirectly do their bad deeds.

 

An infected registry is not the same thing.  When we talk about an infected registry, we mean that it contains "entries" that when read by programs looking for behavioral guidance are given misinformation.

 

An infected file is something like a person with a disease.  You quarantine this person so he can't pass on the disease to other people.

 

An infected registry is like a medical book that gives the wrong information about a disease.  You remove the wrong entries from the book so that doctors won't take the wrong course of action.  You don't quarantine the entries, because that wouldn't have any meaning.

 

 

Well then I should be thankful l have never had to deal with the trouble of an infected system registry :smileywink:.

Hi Mijcar,

 

 My intention was not to let the user to delete the files, but to make sure that the file is of no use before deleting the file.

 

 There was an issue in 2008 version, when one of the updates wrongly detects that GPIproxy.dll (this file is essential for WinDVD 8.0 to work) as an infection and quarantines it. In that case if you delete this file from quarantine, your product will not work at all.

 

I apologize if my example made confusion, just want to stress that we need to check whether it is a false positive or not before we delete  that file from quarantine folder.

 

Vineeth--

Message Edited by Vineeth on 05-26-2009 04:06 PM

Wow, didn’t know I would spark a debate. Thanks to all for taking the time to contribute, I appreciate it!  The reason I’m asking is because another AntiVirus program I have continues to get stuck while scanning the Quarantine file for Norton. So, I was wondering if I could just empty it in order to have this other antivirus program complete it’s scan.

Hello CommMajor101,

 

The clearest definition is right from the NIS help section:

 

"Quarantined items are isolated from the rest of your computer so that they cannot spread or reinfect your computer.

 

You cannot open quarantined items accidentally and spread the virus, but you can evaluate the quarantined items for possible submission to Symantec."

 

Now, what other antivirus program are you using? Does it run in realtime, or is it an on demand scanner?

 

There could be a possible conflict.

I have no idea what an on demand scanner is. The program that’s getting stuck is Avira AntiVir Personal - Free addition, if that helps.  Thanks!

Having two realtime anti-spyware / antivirus programs running is not recommended by any security software manufacturer.

 

You are not getting double protection, but actually setting yourself up for potential conflicts as the two systems compete for available system resources and can clash as the two products attempt to scan and analyze the same files on your computer. These conflicts can cause you to have less protection against threats.

 

I would highly recommend that you uninstall Avira.

 

An on demand scanner is a scanner that does not run in realtime in the background but only when the user initiates it. Generally these types of scanners are used only occasionally.

 

The FREE version of Malwarebytes here is an on demand scanner which you can use just to double check your system once in a while. This version does not run in the background and will not conflict with your Norton Product.

Message Edited by Phil_D on 05-26-2009 08:18 PM

Yes I already have Malwarebytes, thank you for the recommendation though. Also, I think I'm going to keep Avira. It's the only program detecting a certain virus on my computer that Norton isn't detecting.  So, I guess the resolution to this issue is to review the stuff in the quarantine folder and delete as necessary, right?

Hi CommMajor101,

 

I certainly won't force you to configure your system in a particular manner, but I also can't recommend having two realtime security products on your system.

 

What "virus" is Avira detecting? Is it continual? Are you sure it is not a false positive or caused by the software conflict?

 

I can only volunteer my advice to help you get the highest degree of security possible.

 

 

I appreciate it Phil!  Avira is detecting ADSPY/Gdown, but the scan keeps getting stuck while scanning the Quarantine folder for Norton, so I can't complete the scan in order to delete the ADSPY files.

 

Thanks for your help! 


CommMajor101 wrote:

I appreciate it Phil!  Avira is detecting ADSPY/Gdown, but the scan keeps getting stuck while scanning the Quarantine folder for Norton, so I can't complete the scan in order to delete the ADSPY files.

 

Thanks for your help! 


Something doesn't scan about what you just said.  (Pun intended.)

 

Most AV programs delete or quarantine files as they are identified as infected.  To the best of my knowledge, this is how Avira works.  The only reason for an AV program not moving or deleting malware is because it can't access it.  For example, if the malware is being held quarantine by another program.

 

From your description of what's going on, it sound like Avira is detecting one of two things:

A piece of malware sitting in Norton's quarantine folder.  Since Norton won't let any other program access it, Avira won't be able to do anything with it, and the two programs engage in a tug-of-war, which is exactly what Phil warned you of, and Avira gets locked up.

Or Avira has hit Norton's signature list and identified the file as malware because it contains a signature that matches one it uses.  So it is trying to delete Norton's signature file and Norton is saying it can't do that, which is exactly what Phil warned you of, and no matter which program wins this battle, you lose.

 

I know you think you have a sound reason for keeping Avira.  After all there is a new piece of malware out there that Avira can identify (unless it is a false positive!) that other programs aren't identifying.  On the other hand, for every AV program out there, there is also probably one new piece of malware that that program will be the first to identify and write signatures for.  Does this mean you should keep dozens of AV programs on your computer, all active and triggering each other's virus signatures, just because each one will identify something the others won't (unless it is a false positive) for some short period of time?