Quarantine And Restore
I did a test:
- I set Bitdefender Shield to Actions: move file to quarantine
- I pasted the Eicar test string in Notepad and tried to save it to a folder
- the file with the test virus was quarantined. Good.
- I went to restore option, the file was restored for a microsecond then deleted again by antivirus
Is this the correct behaviour?
Comments
Hello
Was the file restored in the same location? Also, the second time, was it sent to quarantine or deleted?
Thank you!

I did another test.
- Got a zip file with an infected one inside
- extracted zip inside a folder
- virus file detected and quarantined
- told BD to restore it
- virus file restored in same folder for a microsecond (I could see it), and immediately deleted and quarantined again
What if I want to keep my virus alive?

OK, found what happens:
- the above behaviour happens when I extract from zip files. Probably because BD goes through a tmp???
- I disabled AV, extracted zip to folder. Virus is there
- Turned ON AV, virus detected and quarantined. Good!
- Told to restore and virus restored alive and kicking in original folder
So, now I understand it and I am happy....
Thanks. Consider it closed.

AstroMax, nice investigative work, yet it seemed to me that you had to go through a lot of hoops, clicking and ticking, just to get a folder to restore to its original location. What happens when we (I) have a false positive quarantined (how I have On-scanning action set; quarantine), is that going to be the normal course of procedures to restore the file back (then adding it to exclusions)? yikes

As far as I understand, the Restore procedure (after quarantine) does work, BUT not if you extract from a compressed file (as I wrote, probably BD tries to restore it through tmp, then deletes it again).

Thanks for your follow-up thoughts, as I haven't worked too much with restoring a quarantined file, let alone a compressed/zip file as in your investigative work.

So you want to say that the first time BD detects the virus and quarantines it as you selected in RTP, and the second time, when you try to restore the same file from Quarantine, BD again detects it and then deletes it rather than re-quarantining it?
And what do you mean by “delete and quarantine again”? Only one action can be done by Bitdefender, either quarantine or delete. I think the infected file should be quarantined in both detection scenarios.
Did you check the details in the Events for both detections?

Well, try yourself!
I mean:
1) yes, exactly so.
2) I mean: deleted from folder where it should be restored and quarantined again
3) yes, I did check.
My point is that if it is a false detection of a file in a compressed archive and I want to extract it and keep it, it seems that BD does not allow me to!

Hello Max
Can you confirm if this is reproducing with the latest product update?
http://forum.bitdefender.com/index.php?sho...mp;#entry157184
http://forum.bitdefender.com/index.php?showtopic=35499
Thank you!

Not solved yet.

Hello
For now, we changed the description for the Event generated and there the user is instructed to create an exclusion manually.
I will keep you up to date when new changes are made in the product.
Take care.