Can I Delete What My Anti-malware Program Puts in Quarantine?

//

Can I delete what my anti-malware program puts into its quarantine?

Typically, yes. But first, it’s important to understand just what quarantine is and why it exists.

Become a Patron of Ask Leo! and go ad-free!

The quarantine area

One thing that anti-malware scanners do is identify files on your computer that may be, or may be infected with, malware.

What those programs typically do then, if possible, is move those files to a safe area, often renaming them in the process so that they don’t get accidentally run. That safe area is often called a quarantine area, or a vault, or any other number of synonymous terms.

There are two problems that the quarantining process solves. One, you might actually still need that infected file. Or two, the anti-malware tool could be wrong.

VaultThe first case is rare, but consider this scenario: your only copy of an important document is somehow flagged as containing a virus. You don’t want that document to be deleted. You want it to be saved somehow so that you, or perhaps a professional, can extract what you want from that document, thereby removing the virus from the file.

Anti-malware tools typically don’t know how to fix individual files that way since it typically requires specialized knowledge of the file itself. Anti-malware tools can really only say, “This file has malware”, and then take steps to protect you from it by placing it into a quarantine.

Of course, if you back up regularly, you may not need to recover a document like this from the quarantine, because you could recover it more easily from a previous backup.

Mistakes can be made

Malware scanning is incredibly complex and it’s very possible for malware tools to mistakenly flag something as malware when it isn’t. That’s what we call a false positive. What you want to be able to do then is to restore the file back to where it belongs.

So, the quarantine exists as a place for you to review what your anti-malware tool has found. If there’s nothing there that you want to keep, deleting is in fact the recommended action.

Remember that as long as you’re also backing up regularly, deleting is even less risky. You can always recover files that you’ve mistakenly deleted from a recent backup taken prior to the infection.

4 comments on “Can I Delete What My Anti-malware Program Puts in Quarantine?”

  1. Another use for the quaranteen is when the anti-virus find what it found as been a potentialy new virus discovered by the so called euristic scan.
    This is a maybe positive.
    That file is then encrypted and sent to the devloper for further investigation. You should keep those. If they are false alerts, after some time, they should be automaticaly restored.

  2. most files quarantined are an unitelligible string of letters numbers and such. unintelligible to me anyway. How do you find out what the file is for?

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.