Quarantine in beta 10677

[stapp]

I have quite a few different types of eicar files that I keep in downloads so I can test EAM scanner.

I always have EAM set to ALERT so that I can see in Forensic logs what they found.

Today I was copying my pics and docs (including downloads) onto a memory stick as an additional backup along side Macrium.

EAM quarantined 2 of the items... why?

The other 2 eicar were left in downloads and copied over to the memory stick. (they were zip files)

 

[Frank H]

When you have set the File Guard in Default Scan mode, .com files are scanned. Zip files are not.

 

[JeremyNicoll]

But why was anything quarantined?   @stappsaid that EAM was configured just to /alert/.

[ShadowPuterDude]

Check and make sure that "Automatically quarantine files with bad reputation" is not checked in Settings => Advanced.

That looks like a a reputation based action was taken.

[Frank H]

30 minutes ago, JeremyNicoll said:

But why was anything quarantined?   @stappsaid that EAM was configured just to /alert/.

I just tested and i got an alert while copying.

@Kevin Zoll Alert overrules that setting you pointed to.

[stapp]

@Frank H

I didn't see an alert.

Is it expected behaviour for 'copy' to quarantine something even when I just have 'alert' as my preferred choice ?

 

[Frank H]

14 hours ago, stapp said:

s it expected behaviour for 'copy' to quarantine something even when I just have 'alert' as my preferred choice ?

Nope, an alert should popup if you have set that  ,see screenshot. why that didn't happen? no idea. maybe you could try again.
 

 

[stapp]

I'll have another look when I next do a backup copy of all my data again to usb. I rely on Macrium so the backup is just for extra insurance.