Help - Search - Members
Full Version: Quarantine vs neutralize vs disinfect
Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus for Windows
colinwil99
Hello,

I have recently installed Kaspersky Internet Security 2011. The first thing I did was run a full system scan. This took 15 hours.

Once completed the application found some viruses. There was/is a Red notification at the top that says "Your computer security is at risk" and has a button named "Fix it now". Sadly whenever I click that button nothing happens - there is nothing to indicate the application recognizes my action.

I have rebooted my system twice and still this button does not respond. Eventually I figured out that I could click what turns out to be a big round button (I initially thought it was like a Light buld - Green for good Red for bad).

A new window opens and I an presented with a screen that says "Threats have been detected" and a button labeled "neutralize all". Again, when I click this button nothing seems to happen.

If I look at the details I see that I have 12 detected threats. It appears I should be able to "move to Quarantine" or "Disinfect all".

I'm not sure what the recommended next step is? What is the difference? The help file says this:
Move to Quarantine

This link allows you to open the standard window for moving the selected file to Quarantine
But it does not really help to explain what it does? If I click on the link I get a box and am prompted to open a file - but what file I don't know - and even if I did know, I don't know what would happen? Should I quarantine all viruses or just delete/disinfect/neutralize?

Alternatively I can disinfect all. Again, when I click this button nothing seems to happen (other than the button moving up and down). I assume this should effectively delete or remove the viruses. But I do wonder how this differs from neutralize.

In general I find the instructions quite light on details. For example the help file on Disinfect all says:

Disinfect all. Allows you to send all objects from the list of threats for disinfection.
This doesn't really say much to me aside from the obvious. What exactly happens when I disinfect something (as opposed to neutralize or quarantine)?

I'm sorry if this all sounds a bit thick, but I have been through the help files several times and searched these forums all with no luck. If I've missed the bleeding obvious please accept my apology. There appears to be a lot of help on "how to scan" and the like but really nothing on what to do next? And while I'm scanning, should I delete viruses as it's going along or wait the 15 hours until it's done.

Thank you,
richbuff
Welcome. When the scan completes, please post the full, complete detection details. Post screenshot of Detected > Active threats.
With columns widened to show full detected and name and object and path/location details.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or
png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.
dh27564
QUOTE(colinwil99 @ 5.06.2011 07:03) *
...Move to Quarantine


Move to Quarantine allows a user to locate a file he/she believes is infected but Kaspersky is missing. This is why you get the Browse box displayed when selecting Move to Quarantine. Most users will not need to manually quarantine a file as Kaspersky will automatically quarantine, disinfect, delete, etc. based on what it determines is the appropriate action.
stu99
I have the identical problem (to the letter) as Colinwil99.

I'm Running KIS 2011 and Vista Home Premium (32bit).

As suggested I have attached screenshot to help matters, the only thing missing is the extension ".exe" to the "filesystemscan" items and the "High" risk note.

I suspected the filesystemscan was a virus/malware and only opened the file in "Safe run for websites" and simply closed the safe run without saving.

What's strange is that the items in the "detected" report are also featured in the deleted and quarantine reports.

Like Colinwill99 pressing the "fix it", quarantine , neutralise or disinfect buttons has no effect whatsoever to the detected report items.

Any help would be gratefully recd.
richbuff
Welcome. Any Active threats?

Please right click the detections that appear in your screenshot, then select Delete or Clear or Remove. Then Exit Kaspersky via right click the red K tray icon, then reboot. Then scan again. Is Kaspersky status green after that?
colinwil99
QUOTE(richbuff @ 5.06.2011 14:17) *
Welcome. When the scan completes, please post the full, complete detection details. Post screenshot of Detected > Active threats.
With columns widened to show full detected and name and object and path/location details.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or
png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.


Thank you for the quick reply. Attached is screencap of the detected threats.
Click to view attachment
colinwil99
QUOTE(dh27564 @ 5.06.2011 14:28) *
Move to Quarantine allows a user to locate a file he/she believes is infected but Kaspersky is missing. This is why you get the Browse box displayed when selecting Move to Quarantine. Most users will not need to manually quarantine a file as Kaspersky will automatically quarantine, disinfect, delete, etc. based on what it determines is the appropriate action.


Thanks for the explanation - that seems to make sense and I guess I was just missing that key paradigm that to quarantine something is not an action related to the list of Active Threats.

So, having just looked at the report I see that the application seems to have quarantined a number of items on its own. This appears to be a good thing, but should I now disinfect or neutralize or delete these? screencap is attached.

Thanks again,

Click to view attachment
richbuff
Please clear your temporary internet files: http://support.microsoft.com/kb/260897

The items that are quarantined, in your second screenshot: Please do not remove them. They are quarantined, and can not harm your computer. They will be rescanned automatically, and if they are not malicious, you will receive a prompt to restore them. If they are not restored after 30 days, they will be automatically deleted.

Your first screenshot, Active Threats: Please right click the detections that appear in your first screenshot, then select Delete or Clear or Remove. Then Exit Kaspersky via right click the red K tray icon,
then reboot. Then scan again. Is Kaspersky on Green status, or still red after that?
stu99
QUOTE(richbuff @ 6.06.2011 00:01) *
Welcome. Any Active threats?

Please right click the detections that appear in your screenshot, then select Delete or Clear or Remove. Then Exit Kaspersky via right click the red K tray icon, then reboot. Then scan again. Is Kaspersky status green after that?




Followed instructions and we are back to normal with a "green" fully protected status.

Scanning after reboot took ages - over 15 hrs compared to previous 5hrs but we got the result we were after

Many thanks for your help.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.