Jump to content

Quarantine Re-Scan


Siketa
 Share

Recommended Posts

File was detected by behavior blocker and auto-quarantined.

Later, due to my submission, it's verdict was changed to Safe.

 

But, after re-scanning the quarantine, EAM reports there are no false positives.

This entries should be automatically purged in such cases.

post-17436-0-54509300-1476962483_thumb.jpg

post-17436-0-95555700-1476962483_thumb.jpg

Link to comment
Share on other sites

Hi Siketa,

 

Quarantine re-scans are only applied to items that were moved to Q by a signature based detection. (File Guard or Scan)

This is why these Behavior Blocker entries were not re-qualified.

 

Automatic deletion of items that sit in Quarantine is a no go, as you can imagine.

Link to comment
Share on other sites

There is a major difference between the File Guard and Behavior Blocker:

 

The Behavior Blocker monitors behavior and doesn't need signatures.

The File Guard scans files realtime, and depends on signatures.

 

This is why re-scanning items, that were moved to Quarantine by the Behavior Blocker, makes no sense.

 

 It is more user friendly when files that are save automatic are moved to there original location.

 

 

It is not user friendly when EAM would overwrite already restored programs automatically.

This would add a huge complexity and unwanted situations, which requires user input.

 

This is why items that were moved to Quarantine (automatically or manually) stay safely and encrypted in Quarantine, where they can do no harm, until the user decides what do to with these items (delete or restore)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...