Applies to:Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
Kaspersky Anti-Virus 6.0 SOS MP4
Kaspersky Anti-Virus 6.0 for Windows Servers MP4
Quarantine is a special storage for suspicious (probably infected) objects.
Suspicious objects are objects which are suspected to be infected with a virus or its modification.
It is not always possible to definitely determine if an object is infected or not.
- Analyzed object code resembles a known threat but some part of it is modified.
- Application databases contain the threats which are already known to Kaspersky Lab specialists. If a malicious program has been modified but such modifications are not in the database yet, Kaspersky Anti-Virus will recognize such an object infected with a modified malicious program as probably infected and will indicate what threat this infection resembles.
- Analyzed object code structure resembles that of a malicious program, but databases do not contain anything similar.
It may be a new type of threats, so Kaspersky Anti-Virus will recognize such an object as probably infected.
The module responsible for recognition of possibly infected files is the heuristic code analyzer.
Probably infected objects may be detected and quarantined by a Virus Scan task, or by File Anti-Virus, Mail Anti-Virus, and Proactive Defense.
Objects are moved (not copied) into Quarantine. It means that the object is deleted from a disc or an e-mail and saved in the quarantine folder.
Quarantined files are stored in internal binary formats. So they cannot be a threat.
Kaspersky Anti-Virus 6.0 for Windows Workstations/SOS/Servers MP4 places the quarantined files into the following folder:
- for Windows Vista\7\Server 2008: Disk:\ProgramData\Kaspersky Lab\AVP60MP4\QB
- for Windows2000\XP\Server 2003: Disk:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP60MP4\QB
You can restore files from quarantine using another PC. Just copy the quarantine files from this folder into the corresponding folder at the other PC.
To make copying of files from the quarantine (from the folder) possible, disable self-protection of your Kaspersky Lab product(s).
What can be done with quarantined objects:
- Add files that you suspect to be infected with viruses;
- Scan and disinfect all quarantined suspicious objects using the actual database;
- Restore files into a user-specified folder or into the folder from which they were moved into quarantine (by default);
- Delete quarantined objects or groups of objects.
You can configure the following quarantine parameters:
- Schedule a quarantined objects scan task to run each time the databases are updated.
Kaspersky Anti-Virus cannot scan quarantined objects immediately after updating application databases, if you are working with quarantine at the same time.
All the objects determined to be non-infected by a virus scan, are automatically restored to their original location.
- Set the maximum time period to store quarantined objects and copies of objects in the backup storage. This parameter is common for quarantine and backup storage.
By default, the time period to store objects is:
- for Kaspersky Anti-Virus 6.0 for Windows Workstations/SOS MP4 – objects will be deleted within 30 days.
- for Kaspersky Anti-Virus 6.0 for Windows Servers – objects will be deleted within 90 days.
You can change the maximum storage time or disable the limit at all.
Maximum storage time is allowed to be between 1 and 9999 days.
- Set the maximum size of the data storage. This parameter is common for quarantine and backup storage.
By default, the maximum size is set to 1000 MB.
You can change the maximum storage size or disable the limit at all.
Maximum storage size is allowed to be between 1 and 9999 MB.
Note: This article is illustrated with a screenshot taken from Kaspersky Anti-Virus 6.0 for Windows Workstations MP4. The same window of Kaspersky Anti-Virus 6.0 for Windows Servers MP4 and Kaspersky Anti-Virus 6.0 SOS MP4 looks the same except for the number of components in the section Protection.