What takes the system longer - DELETING a virus, or DETAINING it in quarantine because the reboot happens immediately, obviously too quick for it to be deleted, so maybe the best option is to attempt to quarantine first because I figure it would be quicker for the system to at least document the name of the virus file and path so if all else fails it can be manually found and deleted?
Sorry to post these in the wrong forum sections but this is the only section that I have access too (just joined).
Hi Charlie36,
First can you please be more specific about the access problem regarding the sections of the forum where you cannot post.
Then, the you have to understand that either actions deletion and quarantining are physical removal the flagged item from its base location
Therefore irrespectively, you have to be careful with both actions being sure you are removing what’s supposed to be removed.
Briefly the removal from the system area like \windows\ … \system32\ etc. could be dangerous
no mater whether the detection was False Positive or the real infection – you can damage you system beyond repair. Sometimes system will recover after Reboot sometimes not.
Always investigate if you see files flagged in the mentioned areas. The same can apply to the flagged Registry Entries
Then, definitely the deletion is the faster action because it is enough just to set a single bit in the “allocation table” that makes file to be “not present” None of the existing AVs as far as I know would do say the disk wiping where the file was resided.
The quarantine action takes more time because the file(s) or the registry entries are physically moved into special location where they are temporarily jailed.
Moreover – the next action that accompanies the process is an encrypting the jailed items.
Not all AVs and Anti-malware do that, but as far as I know – most of them.
Symantec, for example doesn’t do that … not sure about the very latest version though
So the latter action (the encryption) obviously takes additional time compare to the deletion.
Whether there is a big difference regarding the time you asked about - doesn’t matter in this context, but there is a difference.
Finally, regarding the “documenting the names of the viruses and pathes”
That is not the fact that AV does not keep track of the deleted items as well in its log file. So, you can know all about them post factum.
The recovery or the restoration though is an important feature of the quarantining but not included as supposed action after deletion
At the same time the recovery after the deletion is possible, but it has to be done by the 3rd party Software. The success is never quarantined 100%
My regards