What is the rationale behind this? If I'm understanding correctly, it would be safer to keep it, so as to prevent re-infection.
Microsoft Defender knows what you have is malware via file hash and other characteristics; they are communicated back to the cloud too if necessary, so it doesn't need the actual file to exist. Quarantine means keeping something dangerous/potentially dangerous in a non-executable part of your system. Quarantined files are removed after 1 day instead of being kept forever because they might still pose a danger and somehow find a way to exploit an unknown vulnerability that we don't know about yet, so we're not taking any chances. It definitely doesn't prevent reinfection. If that were the case, then we'd have to keep a copy of every piece of malware in the world on our computers so we wouldn't get infected/re-infected. At the end of the day, it's a defense-in-depth strategy.
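As an added example (not code from the discussion above or from the project it belongs to), the following PowerShell check reads the two Defender settings the reply relies on: how long quarantined items are retained and whether cloud reporting is on. It assumes the setting under discussion is Defender's `QuarantinePurgeItemsAfterDelay` preference, and that it is run in an elevated session on a Windows host with Defender active.

```powershell
# Added example: audit Defender quarantine retention and cloud reporting.
# Assumption: the 1-day setting discussed is QuarantinePurgeItemsAfterDelay (days).
function Get-QuarantineRetentionReport {
    [CmdletBinding()]
    param(
        # Expected purge delay in days; the thread discusses a 1-day setting.
        [int]$ExpectedPurgeDays = 1
    )

    $pref = Get-MpPreference

    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced cloud reporting.
    # With it disabled, hash/characteristic data is not sent back to the cloud,
    # which is the mechanism the reply says makes keeping the file unnecessary.
    $cloudEnabled = $pref.MAPSReporting -ge 1

    # Threats Defender has already detected and acted on (quarantined, removed, etc.).
    # The detection record survives even after the quarantined file itself is purged.
    $detections = @(Get-MpThreatDetection -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        PurgeDelayDays        = $pref.QuarantinePurgeItemsAfterDelay
        MatchesExpectedDelay  = ($pref.QuarantinePurgeItemsAfterDelay -eq $ExpectedPurgeDays)
        CloudReportingEnabled = $cloudEnabled
        SampleSubmission      = $pref.SubmitSamplesConsent
        DetectionCount        = $detections.Count
    }
}

Get-QuarantineRetentionReport | Format-List
```

A value of 0 for PurgeDelayDays means items are kept indefinitely; CloudReportingEnabled being false is the condition under which purging quarantined samples quickly loses the backing the reply describes.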