Hello, it’s me again!

After my last post about my situation with an accidental click to a malicious website, I wasn’t sure about plugging in external hard drives into my computer, as they have all my personal files on them.

2 days ago, I plugged an external hard drive into my computer just to see what would happen. It was a 10+ year old hard drive that was obsolete. Norton scanned the drive and found no threats on it. Two minutes later, I get a pop up from Norton saying “Threat resolved” and that a file named Securityrisk.orphaninf was quarantined.

I would like to know what exactly that file is, as there is conflicting information about it on the Internet.

Also, finding out that it was quarantined put me at ease. It means it won’t be running rampant around my system and potentially compromising other drives. Though, preferably, I’d like to remove it from my computer completely. However, there is no option to do so in the Norton Security. So, I’m wondering, does Norton delete quarantined files automatically after a certain period of time, or will it be left in quarantine forever?

A few things to consider before answering:

Firstly, recently, I configured my Antivirus to run the Boot Time scan to provide an extra level of security (which is probably what found that file).

Secondly, the drive that was inserted was having problems. A pop up came up saying “There is a problem with this drive. Scan this drive now and fix it.” This was most likely caused by an abrupt removal around 8-9 years ago and so needed a reformat. I discovered this issue just under a year ago. Because of its age, I didn’t bother to reformat it.

@pearcetransportproductions476 Just following up with the thread to see if we can assist further.

SA

Thanks for the post. Norton detected and removed the file in question so there isn't any other actions you can take other than to add to quarantine. It can be removed at another time manually IMA. The scans also show that you are clean on both drives. Nothing to worry about in that respect as well. There was most likely an older .inf file which was sitting around on that drive which Norton nabbed after it had been sitting for so many years. Norton's detection methods have changed over time, in that this wasn't being detected years ago and yet is now. Again, nothing to worry about.

One thing I can also suggest is looking at "Auto-Runs" by running it on your system to check for objects that are loading and running when Windows starts. If you need help with it needing to ask questions we can help with it as well. Things look good though from the information in the screenshots. 

SA

Power Eraser on the external HDD concerned.

Boot Drive (C Drive) scan.

Full scan with external HDD unplugged afterwards.

Please excuse the quality of these screenshots. They were taken from my phone.

Got the screenshots sorted now. Below is the Quarantine information.

Popup saying there is an issue with the drive.

Full scan with all drives.

Scan of the External HDD concerned.

Just rescanned both the drives and all have come out as clean. However, I'm having problems trying to upload the screenshots of my scans as they're too large for the thread.

I have Windows 10 operating system. Not sure what the version is though. Will need to check that. I'm not sure if this helps, but I got the computer in mid-2020, and some files on the boot drive are dated late-2019.

Have you rescanned both drives? Could you post a screenshot of the quarantine from Norton history? Having that to review would shed some light on what may or may not be the next step for you. Here is how to post a screenshot:

https://community.norton.com/en/forums/how-post-image-forums-0

You can do a screen capture using the built in Snip and Sketch tool in Windows.

SA

I have Windows 10 operating system. Not sure what the version is though. Will need to check that. I’m not sure if this helps, but I got the computer in mid-2020, and some files on the boot drive are dated late-2019.

Yes, drive C:\ is always the boot drive in Windows. There was once a Windows to Go version based on booting from USB with a custom installation to carry with you. Those days are long gone however. 

What is your OS and its version? I ask because the more info we get the better we can assist you in the long run. 

SA

Hi SoulAsylum,

Would the boot drive you’re referring to be the C Drive?

Hello. The Broadcom site has this information on the issue you are seeing. Quoted from the article:

Cause

SecurityRisk.OrphanInf is a detection on an orphaned AutoRun.inf files Its likely there's a reference to the orphaned autorun.inf in the registry leading to this event.

File Path unavailable is typically a reference to the non-disk location like registry/memory etc. or a remote location which SEP could not resolve and/or in case of removable drives, the drive is disconnected before SEP could learn the path/location. These are the possibilities it may fall under.

https://knowledge.broadcom.com/external/article/220126/endpoint-protection-manager-security-ris.html

Norton scanned the drive and found an .inf file residing there that was more than likely nefarious and removed it before it could get the full location of the file. If the drive is connected externally or internally rescan it again with a full drive scan. I would also scan the boot drive to make sure nothing move over to it. I would suggest you are safe, run those scans to be sure.

Opening Quarantine in Norton history you should be able to remove the file from history. Since it was quarantined and removed there is nothing else to do. The entry is all that remains for your review.

SA