Can I delete what my anti-malware program puts into its quarantine?
Typically, yes. But first, it’s important to understand just what quarantine is and why it exists.
The quarantine area
One thing that anti-malware scanners do is identify files on your computer that may be, or may be infected with, malware.
What those programs typically do then, if possible, is move those files to a safe area, often renaming them in the process so that they don’t get accidentally run. That safe area is often called a quarantine area, or a vault, or any number of other synonymous terms.
There are two problems that the quarantining process solves. One, you might actually still need that infected file. Or two, the anti-malware tool could be wrong.
The first case is rare, but consider this scenario: your only copy of an important document is somehow flagged as containing a virus. You don’t want that document to be deleted. You want it to be saved somehow so that you, or perhaps a professional, can extract what you want from that document, thereby removing the virus from the file.
Anti-malware tools typically don’t know how to fix individual files that way, since doing so typically requires specialized knowledge of the file itself. Anti-malware tools can really only say, “This file has malware”, and then take steps to protect you from it by placing it into a quarantine.
Of course, if you back up regularly, you may not need to recover a document like this from the quarantine, because you could recover it more easily from a previous backup.
Mistakes can be made
Malware scanning is incredibly complex, and it’s very possible for anti-malware tools to mistakenly flag something as malware when it isn’t. That’s what we call a false positive. What you want to be able to do then is restore the file to where it belongs.
So, the quarantine exists as a place for you to review what your anti-malware tool has found. If there’s nothing there that you want to keep, deleting is in fact the recommended action.
Remember that as long as you’re also backing up regularly, deleting is even less risky. You can always recover files that you’ve mistakenly deleted from a recent backup taken prior to the infection.
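A minimal sketch of the quarantine, review, restore and delete cycle described above, added here as an illustration and not taken from any anti-malware product. The `.quarantined` suffix, the `manifest.json` index and all function names are assumptions made for this example.

```python
import hashlib, json, os, shutil, uuid
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical index file kept inside the vault

def load_manifest(vault):
    p = Path(vault) / MANIFEST
    return json.loads(p.read_text()) if p.exists() else {}

def save_manifest(vault, entries):
    (Path(vault) / MANIFEST).write_text(json.dumps(entries, indent=2))

def quarantine(path, vault, reason):
    """Move a flagged file into the vault under an opaque, non-runnable name."""
    src, vault = Path(path).resolve(), Path(vault)
    vault.mkdir(parents=True, exist_ok=True)
    entry_id = uuid.uuid4().hex
    # Record what is needed to identify and restore the file later.
    record = {"original_path": str(src), "reason": reason,
              "mode": src.stat().st_mode & 0o777,
              "sha256": hashlib.sha256(src.read_bytes()).hexdigest()}
    stored = vault / f"{entry_id}.quarantined"
    shutil.move(str(src), str(stored))
    os.chmod(stored, 0o600)  # owner read/write only: no execute bit
    entries = load_manifest(vault)
    entries[entry_id] = record
    save_manifest(vault, entries)
    return entry_id

def restore(entry_id, vault):
    """Undo a false positive: put the file back where it came from."""
    entries = load_manifest(vault)
    record = entries[entry_id]
    stored, dest = Path(vault) / f"{entry_id}.quarantined", Path(record["original_path"])
    if hashlib.sha256(stored.read_bytes()).hexdigest() != record["sha256"]:
        raise ValueError("quarantined copy no longer matches the recorded hash")
    if dest.exists():
        raise FileExistsError(f"refusing to overwrite {dest}")
    shutil.move(str(stored), str(dest))
    os.chmod(dest, record["mode"])  # give back the original permissions
    del entries[entry_id]
    save_manifest(vault, entries)
    return dest

def delete(entry_id, vault):
    """Permanently remove a reviewed entry from the vault."""
    entries = load_manifest(vault)
    entries.pop(entry_id)  # KeyError if the id is unknown
    (Path(vault) / f"{entry_id}.quarantined").unlink()
    save_manifest(vault, entries)
```

The manifest is what lets a reviewer map an opaque vault filename back to the original path and the reason it was flagged.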
Another use for the quarantine is when the anti-virus finds that what it found has been a potentially new virus discovered by the so-called euristic scan.
This is a maybe positive.
That file is then encrypted and sent to the developer for further investigation. You should keep those. If they are false alerts, after some time, they should be automatically restored.
That’s “heuristic”. Not sure if a typo, but wanted to clarify.
Most files quarantined are an unintelligible string of letters, numbers and such. Unintelligible to me anyway. How do you find out what the file is for?
If your anti-malware tool doesn’t tell you, you may not be able to.