• Anti Virus and Quarantines.
    7 replies, posted
Hello, I was interested in how Anti Virus's collect the data of virus's and "quarantine" them. How does the program take them from where the originally were and put them in a separate directory and the unwanted "virus" not get out and contaminate other files? I would like the technical answer. thanks --sykoticm
[QUOTE=Sykoticm;33829856]Hello, I was interested in how Anti Virus's collect the data of virus's and "quarantine" them. How does the program take them from where the originally were and put them in a separate directory and the unwanted "virus" not get out and contaminate other files? thanks --sykoticm[/QUOTE] Think of it like jail, Theres hundreds of guards making sure the prisoners dont escape. In a sense they are "Quarantined".
[QUOTE=Zerokateo;33829919]Think of it like jail, Theres hundreds of guards making sure the prisoners dont escape. In a sense they are "Quarantined".[/QUOTE] Legitimately, do you not know how? I would like the technical way. Sorry I didn't post that in the original post, let me edit it.
[QUOTE=Sykoticm;33830252]Legitimately, do you not know how? I would like the technical way. Sorry I didn't post that in the original post, let me edit it.[/QUOTE] The avast chest is a protected area (self-defence module in part), all files that are placed in there are encrypted. The only thing that can access and do anything within the chest is avast. Yes you can see the chest using explorer and can open it, but you won't see the original file name as avast also changes that, see image. So even if some piece of malware was in the chest, nothing knows the file name of the original malware, so even if it weren't encrypted as well you couldn't really run it. A clever virus or not, must first have a registry entry to run it or another piece of malware to run it (they can't run of their own volition), so it couldn't effectively extract it from the chest and decrypt it to enable it to be run, so files in the chest are not able to infect the host. I got this from another website but basically this is how it does it. [editline]21st December 2011[/editline] source: [url]http://forum.avast.com/index.php?topic=61462.0[/url]
[QUOTE=Zerokateo;33830274]The avast chest is a protected area (self-defence module in part), all files that are placed in there are encrypted. The only thing that can access and do anything within the chest is avast. Yes you can see the chest using explorer and can open it, but you won't see the original file name as avast also changes that, see image. So even if some piece of malware was in the chest, nothing knows the file name of the original malware, so even if it weren't encrypted as well you couldn't really run it. A clever virus or not, must first have a registry entry to run it or another piece of malware to run it (they can't run of their own volition), so it couldn't effectively extract it from the chest and decrypt it to enable it to be run, so files in the chest are not able to infect the host. I got this from another website but basically this is how it does it. [editline]21st December 2011[/editline] source: [url]http://forum.avast.com/index.php?topic=61462.0[/url][/QUOTE] Thank you for a further explanation, could anyone expand? or is that just it The encryption is what stops the virus from spreading since it cannot access its registry file?
[QUOTE=Sykoticm;33830426]Thank you for a further explanation, could anyone expand? or is that just it The encryption is what stops the virus from spreading since it cannot access its registry file?[/QUOTE] From what I've gathered yes the encryption is what stops the virus, if you go to the avast! forums you would probably get a better answer from them.
[QUOTE=Zerokateo;33830514]From what I've gathered yes the encryption is what stops the virus, if you go to the avast! forums you would probably get a better answer from them.[/QUOTE] Tanks for the help :) I'll look into it further and if i find anything interesting I'll post it here
I think this sandboxes the files (isolates them from the other files).
Sorry, you need to Log In to post a reply to this thread.