Jump to content

Difference in detection and quarantine depending on what you are doing


Recommended Posts

Win 10 64bit 1909... EAM beta 9977

As well as a Reflect image, I also have a little USB stick which, every so often, I copy and paste my docs, downloads and pictures to. It is sort of an emergency backup of files which I keep in a drawer.

On this PC I have 5 eicar items which I keep to test the scanner. The scanner always tells me it has detected them but never quarantines them. I have report only selected in scanner settings.

I have attached what EAM usually does and finds from a scan report.

Today I selected documents, downloads and pictures  in C\ users\ username (room) and chose copy.

Then with my usb stick plugged in and opened I selected paste.

EAM quarantined 2 items. (screenie attached)

The 2 items were from Downloads. Why did it do that when I had it set to report only ? Was it because it wasn't a scan but a copy and paste?

The Zip files in Downloads were not quarantined. The eicar.com.txt in root of C was also not quarantined.


Annotation 2020-02-20 095857.jpg


Link to comment
Share on other sites

@stapp  Do you have "Automatically quarantine programs with bad reputation" set in Settings - Advanced?     

(It seems to me that that option doesn't make it clear under what circumstances reputation would be examined.   It does say in the tooltip, that this follows an "alert", whereas the log above shows "Notification" actions.  Since the difference between "notification" and "alert" is significant, I wonder if that's just loose logging terminology or part of the problem.)

I would be most unhappy if anything here got auto-quarantined, since that's more than likely to break applications dependent on files staying put.

Link to comment
Share on other sites

hi guys,

you're mixing up 2 settings, like stapp already expected.

Copy/paste actions invoke the File Guard, which obviously applies the settings as configured under 'File Guard'.

The settings under  'Scanner Settings' are applied when running an on demand scan or scheduled scan. For scheduled scans the settings act as a template and can be modified per scheduled scan task.

In this way users are offered to set different functionality for both realtime protection (File Guard) and Scans.

Archives, like ZIP, are only scanned during (scheduled) custom scans and (manual) explorer context menu scans.







Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...