Malware quarantine traces removal

Scholar

Hi

When F-Secure quarantines the malware, will it remove all its traces or only the original file?

thanks

1 ACCEPTED SOLUTION

Superuser

Re: Malware quarantine traces removal

Hi,
"Removing all traces" would mean to exactly know the malware, to know what it did and what it is able to do. Also many malware load new modules that could leave a new trace.

This could be possible for known malware but requires deep analysis of the samples. Unfortunately this can only be done for a fraction of the samples submitted each day.

Also in many cases "suspicious" binaries get quarantined. If a registry entry points to that binary, that will be quarantined as well.

A deep analysis can be requested via your partner or support.

Depending on if and how deep a competitor did an analysis of the same binary, his security solution might still detect and alert on other traces, but would certainly fail to sanitise the binary, as it is already in F-Secure's quarantine.

So the short answer is "F-Secure will quarantine as much as known, ensuring that the file in question can no longer be started".

If you are in doubt about a specific sample, please escalate to your partner or support.

BR
M.

Matthias
----------
perComp has been a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to the best of my knowledge, based on working with the products since 1997. For direct contact, customers please check our homepage http://www.percomp.de
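
The answer above notes that registry entries pointing to a quarantined binary are quarantined too, while other traces may remain. As an added example (not part of the original post and not F-Secure's code), this sketch searches a `reg export` text dump for string values that still reference a quarantined file; the path, value names and sample export are constructed, and only plain string (REG_SZ) values are parsed.

```python
import re

# Constructed sample in "reg export" text format; all paths and names are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\upd\\svc.exe\" /silent"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdSvc"="c:\\users\\alice\\appdata\\roaming\\upd\\SVC.EXE"
"Timeout"=dword:00000002
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" where both sides may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg escaping, where backslash and double quote are backslash-prefixed."""
    return re.sub(r'\\(.)', r'\1', s)


def find_references(export_text, quarantined_path):
    """Return (key, value_name, data) for each string value mentioning the path.

    Matching is case-insensitive because Windows paths are. Values stored in
    hex form (for example hex(2) expandable strings) are skipped here.
    """
    needle = quarantined_path.lower()
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = unescape(m.group(2))
            if needle in data.lower():
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for hit in find_references(SAMPLE_EXPORT, r"C:\Users\alice\AppData\Roaming\upd\svc.exe"):
        print(hit)
```
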

2 REPLIES
Scholar

Re: Malware quarantine traces removal

Thanks for the details