Working with quarantined objects
A heuristic code analyzer, detecting up to 92% of new viruses, determines whether a file is suspicious in terms of possible presence of a virus. This mechanism is very effective but sometimes it brings about false positives. How can we determine whether a file is actually infected with a new virus not yet recorded in the anti-virus database or whether this is just a false alarm of the anti-virus program?
During the scan of the entire computer or individual disks files and in the real-time protection mode, Kaspersky Anti-Virus Personal quarantines all objects possibly infected with a virus or a virus modification. You can later apply various actions (scan, recover, delete, etc.) to the quarantined objects. Quarantined files are stored using a special format and do not constitute any danger.
We recommend that you update the anti-virus database before scanning the quarantined files. By this
time the database may have already been updated with information about viruses suspected of infecting the quarantined files and you may be able to repair such files.
You can work with files that are possibly infected in the Quarantine window, which can be opened by clicking View Quarantine in the Protection tab of the main application window or by clicking the View Quarantine link in the Scan window.
The following actions can be performed from the Quarantine window:
- Quarantine a file suspected of being infected with a virus that is not detected by Kaspersky Anti-Virus Personal. To quarantine a file, click Add and select the suspicious file in the standard file selection window. The file will be added to the list with the status quarantined by user.
- Scan and disinfect all suspicious files or only files selected in the list using the current anti-virus database. In order to do this, click Scan All or Scan (before doing this you have to select the files to be scanned).
After scanning and disinfection of any quarantined object its status may change to infected, false alarm, not infected, ect. In this case, a message will open with recommendations on how to treat this file.
The infected status means that the object was identified as infected but its disinfection failed. We recommend that you delete such objects.
All objects with the false alarm status may be safely restored as their previous possibly infected status was incorrectly assigned by Kaspersky Anti-Virus Personal.
Quarantine for suspicious files
- Restore files from the quarantine folder to the original folders from which they were moved. To restore an object, select it in the list and click the Restore button. When restoring objects quarantined from archives, e-mail databases and mail format files, you must specify the folder to which they have to be restored.
|
|
We recommend that you restore only objects with a false alarm, not infected or
disinfected status because restoring other objects may lead to infection of your computer!
|
- Send objects that are possibly infected to Kaspersky Labs for analysis. We recommend that you send only objects that have retained their possibly infected status after numerous attempts to scan and disinfect them. To send a file to Kaspersky Labs, click Send (for details see section Contacting Technical Support).
|
|
Note that each file that you send to Kaspersky Labs for analysis should be scanned by Kaspersky Anti-Virus Personal, using the database, updated maximum one day before you send the file.
|
- Delete any quarantined object or a selected group of objects. Delete only files that cannot be disinfected. To delete such files, select them in the list and click the Delete button.
See also: