D+ should automatically kill processes detected as malicious by the AV

Credits to JoWa for this wish:

When the antivirus detects malicious processes, which it suggests to put in quarantine but fails to do so, Defense+ could step in and kill the process. Thereafter the antivirus could easily put the malicious file(s) in quarantine.

LA

An excellent idea, LA

Yeah, it is a very good idea!

V7chy

I agree, it came from JoWa, as a result of the Remove Malware test. :-TU

LA

Have we cured the false positives?

No, that’s why we have the quarantine instead of letting CAV delete the file(s) in question. :-TU

LA

Do we still see users who are getting significant false positives is really the question? I haven’t been following the results. Generic signatures and class matches can really affect this problem. Still seems OK if it is easy to unquarantine and mark as safe and not get caught in a loop.

Bump. :smiley:

+1 If on access scanner didn’t scope to the process yet.

:-TU

+1

I agree and would like to take this even further. When the D+ pops up with an action request window, you should have the option to TERMINATE AND DESTROY!!! Enough said.

And remember,

RD~“When people are given limited choices it is the same as giving them none at all!!”

+1
Yes, I strongly agree, add the file to my Blocked Files or kill it then quarantine it.

I just had a thought against this: FP. If the suspected file is falsely labeled as viral/malicious, and it is an important file, having D+ kill it then allowing the AV to quarantine it could disrupt and destabilize a system.
Not a good thing.
I recant my vote and change it to Nay (for the time being).

I would agree only if letting D+ do the job is a choice and something that happens automatically. I agree with the criticism of John here.

Still, FPs may trigger the AV quarantine to kill legit processes?

+1. Why hasn’t Comodo come up with this already? ;D

Let me rephrase. I made a language error. I would agree only if letting D+ do the job is a choice and not something that happens automatically.

I never allow the AV to automatically quarantine anything due to FPs (this is true with any on-demand AV I have installed also).
Detect it, show me, allow me to decide if I want it quarantined/killed.

I totally agree. I’ve never had any AV automatically do anything with any detections. Whether that be quarantine, fix, or worse, delete. It’s just too scary in my opinion.

Yes, and when you decide to quarantine or remove the threat, and the threat is an active process, CIS should use D+ to terminate that process, instead of requiring a reboot. :wink: