Tip of the Week: Quarantining Suspicious Files

Kaspersky Internet Security 2014 features the Quarantine component. We have received many questions about how this component works, so we are going to explain it in this tip.   In

Kaspersky Internet Security 2014 features the Quarantine component. We have received many questions about how this component works, so we are going to explain it in this tip.

33

 

In medicine, quarantine is a set of measures taken to restrict contact with an infected person or a person suspected of being infected. Antivirus software uses quarantine for a similar purpose. Quarantine is a special storage where probable infected objects are kept. Probable infected objects are objects that are suspected of being infected by viruses or their modifications. Suspicious objects are moved to Quarantine automatically and do not represent any threat to your computer when stored there.

When objects are quarantined

  • The code of an object resembles a known threat but is partially different, or its structure resembles that of a malicious program but is not present in the database.
  • The sequence of actions performed by a file is suspicious.
  • Files are not recommended to be deleted or cannot be deleted safely, or they are not proven to be infected.
  • Files can be changed or deleted during disinfection.

Objects are moved (not copied) into Quarantine: it means that an object is deleted from a disk or an e-mail and saved in the quarantine folder. Quarantined files are stored in internal binary formats so they do not pose a threat.

Where the quarantined files are physically stored

Files are stored in the following folders:

  • Windows XP: %ALLUSERSPROFILE%Application DataKaspersky LabAVP14.0.0QB
  • Windows Vista/7/8: %ALLUSERSPROFILE%Kaspersky LabAVP14.0.0QB.

Why you may need to restore files from Quarantine

As mentioned previously, Quarantine contains files that are removed or changed during disinfection.

1

You may need to restore a file in situations like these: Kaspersky software disinfected the file, but it was changed by the virus and cannot be used, or antivirus software could not disinfect the object, therefore deleted it. However, the file is important and you want to restore and use it despite the threat it represents.

To restore files from Quarantine, perform the following actions:

  1. Open Kaspersky Internet Security 2014 and select Quarantine.
  2. From the list of files, select the file you want to restore and click Restore:

2

The file will be restored to the folder where it was stored before it was removed to Quarantine.

How long files are stored in Quarantine

By default, the maximum storage period for quarantined files is 30 days, after which objects are deleted. You can change the storage period and set a maximum size for Quarantine. When the maximum size is reached, stored objects are replaced with new ones.

To change the Quarantine settings, perform the following actions:

  1. Open Kaspersky Internet Security 2014 and click Settings in the lower right part of the window.
  2. In the left menu, select Additional. Then select Reports and Quarantine in the right menu.
  3. Set the required parameters in the Quarantine section.

3

BEWARE THE THINGBOT!

We talk about hackable consumer devices a lot here at Kaspersky Daily. Generally though, the hacks are hypothetical, performed in controlled environments by computer scientists and professional hackers, some of

Tips