It means the system’s working.
Almost all security software includes the concept of quarantining malware once it is found.
Let’s dive into what happens when something gets quarantined.
Quarantining malware
Quarantining keeps suspicious files harmlessly locked away by your security software. The malware can’t run or spread while in quarantine, but the files are still available in case of a false positive. The biggest risk? Accidentally releasing it yourself.
Malware found!
When your security software discovers suspected malware on your machine, it must take action. The two most important things it can do are:
- Tell you about it so you know what’s going on.
- Get rid of it so you don’t need to worry about it.
But there’s a third option between doing nothing and completely removing the malware: placing it in quarantine.
Quarantine
A quarantine is nothing more than a special location on your hard disk. Yes, the malware is still on your hard disk, but that’s okay. This “special location” (which varies between security tools) has some important characteristics.
Anything in quarantine cannot be run. Malware is software, and in order to infect your computer, it must be able to be run. Any malware placed in quarantine is completely impotent.
Anything in quarantine cannot be accessed by anything other than the security software that put it there. If the malware is, for example, a component of something else on your machine that could try to run it, that can’t happen.
Anything in quarantine is altered. By that I mean the file(s) that make up the malware could be encrypted or altered such that they look nothing like their original state. This is yet another way to ensure the malware can’t run or be used by anything else on your machine.
Why not just delete it?
If “get rid of it” is one of the two most important things that security software might do once it has discovered malware, why doesn’t it do that immediately?
In a word: undo.
Like so many things, malware scanning is an inexact science. It’s good but never perfect. It’s possible for security software to incorrectly flag something as malware and quarantine it even though it’s not malware at all. Placing it in quarantine gives you the ability to restore the file should you find that’s the case.
It’s also a way for malware to be made available to researchers. Some security software even uploads discovered malware to their own servers for analysis and to improve future detection.
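The quarantine properties and the undo path described above, as an added Python example that is not from the original article or from any security product. The single-byte XOR encoding, the `.q` and `.json` file names, and the owner-only permissions are assumptions standing in for whatever a real tool does; the sample bytes are constructed and harmless.

```python
import hashlib, json, os, tempfile
from pathlib import Path

XOR_KEY = 0xA5  # assumption: stands in for a vendor's real encoding or encryption

def _transform(data: bytes) -> bytes:
    """XOR is its own inverse, so this both alters and un-alters the bytes."""
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path: Path, vault: Path) -> str:
    """Move a flagged file into the vault in altered, non-executable form."""
    vault.mkdir(mode=0o700, exist_ok=True)       # owner-only "special location"
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    blob = vault / f"{digest}.q"
    blob.write_bytes(_transform(data))           # no longer looks like the original
    os.chmod(blob, 0o600)                        # no execute bit for anyone
    meta = {"original_path": str(path), "sha256": digest}
    (vault / f"{digest}.json").write_text(json.dumps(meta))
    path.unlink()                                # original location is now clean
    return digest

def restore(digest: str, vault: Path) -> Path:
    """Undo a false positive: decode, verify the hash, put the file back."""
    blob, meta_path = vault / f"{digest}.q", vault / f"{digest}.json"
    meta = json.loads(meta_path.read_text())
    data = _transform(blob.read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined blob does not match recorded hash")
    target = Path(meta["original_path"])
    target.write_bytes(data)
    blob.unlink()
    meta_path.unlink()
    return target

def demo() -> dict:
    """Run quarantine then restore on a constructed, harmless sample file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample, vault = Path(tmp) / "flagged.bin", Path(tmp) / "vault"
        content = b"MZ constructed sample bytes, not real malware"
        sample.write_bytes(content)
        digest = quarantine(sample, vault)
        blob = vault / f"{digest}.q"
        result = {"gone": not sample.exists(),
                  "altered": not blob.read_bytes().startswith(b"MZ"),
                  "exec_bit": bool(blob.stat().st_mode & 0o111)}
        result["restored_ok"] = restore(digest, vault).read_bytes() == content
        return result

if __name__ == "__main__":
    print(demo())
```

The recorded SHA-256 is what lets the restore step confirm it is returning exactly the file that was flagged, which is also the value you would look up before deciding a detection was a false positive.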
Risks
There’s nearly zero risk in malware being quarantined instead of outright removed. Doing so acts as kind of a safety net.
However, “nearly zero” isn’t zero.
The biggest risk in quarantining a file is the possibility that you or I might restore it — un-quarantine it — when we shouldn’t. Doing so renews the risk of the malware as if the security software hadn’t detected it at all.
Do this
This is rarely something you need to pay attention to. Most security software silently handles all this in the background for you.
However, should you ever run across malware that’s been quarantined, now you know what that means and why you needn’t be concerned.
I take that back: there is something to pay attention to. If something’s been quarantined, that means that malware made it onto your computer. That indicates the need to pay attention to your security practices in the future.
May GOD BLESS You for the enlightening writeup, but a question: you say “It is a way for malware to be made available to researchers. Some security software even uploads discovered malware to their own servers for analysis and to improve future detection.” Why isn’t this analysis process to improve future detection too automatic so that there is no need to keep a stink, in a prison-quarantine, in our computer? Why so? That too in this NOW age of AI?
It’s a backup of the file in case it turns out not to be malware. I clear the quarantined file periodically to save space, but there is no danger as they are quarantined in encrypted format that malware can’t access.
It is automatic, but as the article points out, it can be wrong. You need the ability to restore mis-flagged spam from your mailbox.
And this is not yet the “age of AI”. While it’s cool, and can help certain things, it still also makes mistakes. Lots of them. I expect that’ll improve over time, but then … so will the malware authors.