Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can I Delete What My Anti-malware Program Puts in Quarantine?

Question:

Can I delete what my anti-malware program puts into its quarantine?

Typically, yes. But first, it’s important to understand just what quarantine is and why it exists.

Become a Patron of Ask Leo! and go ad-free!

The quarantine area

One thing that anti-malware scanners do is identify files on your computer that may be, or may be infected with, malware.

What those programs typically do then, if possible, is move those files to a safe area, often renaming them in the process so that they don’t get accidentally run. That safe area is often called a quarantine area, or a vault, or any other number of synonymous terms.

There are two problems that the quarantining process solves. One, you might actually still need that infected file. Or two, the anti-malware tool could be wrong.

VaultThe first case is rare, but consider this scenario: your only copy of an important document is somehow flagged as containing a virus. You don’t want that document to be deleted. You want it to be saved somehow so that you, or perhaps a professional, can extract what you want from that document, thereby removing the virus from the file.

Anti-malware tools typically don’t know how to fix individual files that way since it typically requires specialized knowledge of the file itself. Anti-malware tools can really only say, “This file has malware”, and then take steps to protect you from it by placing it into a quarantine.

Of course, if you back up regularly, you may not need to recover a document like this from the quarantine, because you could recover it more easily from a previous backup.

Mistakes can be made

Malware scanning is incredibly complex and it’s very possible for malware tools to mistakenly flag something as malware when it isn’t. That's what we call a false positive. What you want to be able to do then is to restore the file back to where it belongs.

So, the quarantine exists as a place for you to review what your anti-malware tool has found. If there’s nothing there that you want to keep, deleting is in fact the recommended action.

Remember that as long as you’re also backing up regularly, deleting is even less risky. You can always recover files that you’ve mistakenly deleted from a recent backup taken prior to the infection.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

4 comments on “Can I Delete What My Anti-malware Program Puts in Quarantine?”

  1. Another use for the quaranteen is when the anti-virus find what it found as been a potentialy new virus discovered by the so called euristic scan.
    This is a maybe positive.
    That file is then encrypted and sent to the devloper for further investigation. You should keep those. If they are false alerts, after some time, they should be automaticaly restored.

    Reply
  2. most files quarantined are an unitelligible string of letters numbers and such. unintelligible to me anyway. How do you find out what the file is for?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.