IT Security Outsourced IT

Quarantined Files

What are Quarantined Files?

Quarantine is a special isolated folder on a machine’s hard disk where suspicious files detected by antivirus and antimalware software solutions are placed to prevent further spread of threats. Quarantine allows users to review suspicious and potentially dangerous files from all machines and decide whether they should be removed or restored. If the machine is removed from the system, the quarantined files are automatically removed. Antivirus solutions can scan files on your computer in the following ways:

Passive scanning. With passive scanning, antivirus works in the background to protect your computer from threats. An advantage of passive scanning is that it continuously scans for threats without user involvement. A disadvantage of passive scanning is that it uses more battery power as it is continuing to scan while the computer is not in use.

Active scanning. Active scanning involves a user requesting a scan of the computer. Users can request a basic scan, which can be done quickly and only scans a limited number of files, or a full scan, which will take much longer but will scan every file on the computer.

When an infected file is found, the file may be sent automatically to quarantine, or the user may be given a prompt to determine what to do with the infected file. Quarantining involves isolating the infected file in order to prevent it from contaminating other parts of the computer. When an antivirus solution places an infected file in quarantine, it does the following:

  1. Deletes the file from its original location;
  2. Makes changes to the file so that it cannot run as a program;
  3. Transfers the file to a hidden folder that cannot be accessed by users or programs until the user chooses to deal with it.

If the antivirus solution does not automatically place the infected file in quarantine and, instead, offers the user a prompt to determine what to do with it, the user is often presented with these three options:

  • Clean. Cleaning removes the infection from the file but does not delete the file itself. This is the best option if the user needs to keep the original file.
  • Delete. Deleting completely removes the file from the computer.
  • Quarantine. Quarantining moves the virus to a safe location where it cannot infect other parts of the computer, but it does not clean or delete the file.

While quarantined files can be left in the safe folder indefinitely, it is best to clean infected files and remove them from the machine completely.