How move file from Virus Log to Quarantine ?

How can I move a suspect file from the virus log to quarantine?

The suspected file is A0032025.exe and a popup came up asking what to do.

C:\System Volume Information_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\Fifoed\A0032025.exe

I couldn’t get to this right at that moment but came back to it in just a few minutes.

When I went back to it, the anti-virus window was gone.

I see in the CIS log that that file was detected.

However, I need to move the file to Quarantine.

How can I do this (without the red/black warning window) ?


Guess what?

I ran another scan, but this time it didn’t find that file.

What to do now??


Many thanks

I think you need to be able to access System Restore files: http://support.microsoft.com/kb/309531/en-us .

Thanks

Yes, I’ve been trying that (found same page on MS) but so far haven’t been allowed access.

What’s weird is that the background scan found the suspicious file but the scan that I initiated did not, but I didn’t do anything in between.

Can you access the system restore files and folders using Windows Explorer?

Hi

That’s what I’ve been trying to do. I un-hid the directory, etc., as mentioned in the MS directions. There is no “Security” tab. So far, the MS instructions don’t quite match up to my WinXP stuff

On another note, the background scan has again found the suspicious file:

C:\System Volume Information_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\Fifoed\A0032025.exe

This time, I quarantined it.

Would love to know why the background scan found that file but the user-initiated full system scan did not find it.

HTH, many thanks :slight_smile:

What version of XP are you using? Did you try step 5 of Windows XP Professional using the NTFS File System on a Workgroup or Standalone Computer : Clear the Use simple file sharing (Recommended) check box?

Hi.

Why on earth must you have access to the restore files? Why can’t the virus scanner automatically quarantine all viruses?

I have the same problem as scanreg and another member. The window is open for such a short time, that most of the viruses Comodo has found, are simply “detected”, and after that, I can do nothing about them. Does this mean that they are simply detected, but are still free to do whatever their malicious makers made them to do? Why isn’t the default choice to quarantine or remove? How can I change that?

This is a frustrating feature, because none of the virus programs I’ve used before, have such a problem. Otherwise Comodo seems good.

Regards, Mr. Mole

System restore cannot be accessed with the default settings of Windows. It’s a design choice.

I have the same problem as scanreg and another member. The window is open for such a short time, that most of the viruses Comodo has found, are simply "detected", and after that, I can do nothing about them. Does this mean that they are simply detected, but are still free to do whatever their malicious makers made them to do? Why isn't the default choice to quarantine or remove? How can I change that?

This is a frustrating feature, because none of the virus programs I’ve used before, have such a problem. Otherwise Comodo seems good.

Regards, Mr. Mole

You can change how Comodo acts when a virus has been found. Go to Anti Virus → Scanner Settings. There you can set for each type of scan how CIS should behave when a virus is found.