Confused : All threads cleaned

[novice 20]

Did a full computer scan and the final message is :

Threads found 36 (Cleaned :All) 

 

So , in fact what happened?

1. all 36 threads were cleaned , the "malware component" has been removed and the files are still in place

OR

2. all 36 threads were deleted permanently

OR

3. all 36 threads were moved to Quarantine

 

Wouldn't be much easier to have some sort of explanation ?

Example:  Threads found 36 (Deleted 6 ; Cleaned 22: Moved to Quarantine 8) 

[Marcos 4,707]

Cleaning means:
1, placing a copy of the original file to quarantine
2, deleting the whole malicious file or cleaning the malicious code in case of VBA macro malware or sanitizing the file in case of file infectors (viruses)
3, removing references to the malicious file from the registry as well as fixing possibly malicious modifications in the registry.

[novice 20]

Cleaning means "any" of 1,2,3 or all of them at the same time ??

In 2,  there is "deleting the whole malicious file or cleaning the malicious code ...   or sanitizing the file " . How an user is supposed to know which "or" happened?

Wouldn't be more logical to know EXACTELY what happened????

 

[Marcos 4,707]

You don't have to care what action was exactly performed, otherwise you'd have to distinguish between clean files infected with a parasitic virus and other kind of threats that contains only malicious code.

The point is that cleaning means removing the malicious code, ie. either the whole file or the malicious code added to otherwise legitimate files and also removing all references to the malicious file from the registry. A copy of the original file is always put into quarantine so that it could be restored later, if needed.

[novice 20]

30 minutes ago, Marcos said:

You don't have to care what action was exactly performed, otherwise you'd have to distinguish between clean files infected with a parasitic virus and other kind of threats that contains only malicious code.

Somebody who wants ESET because is highly customizable ( I count more than 120 parameters) most likely is interested to know WHAT EXACTELY HAS BEEN DONE.

 

[itman 1,541]

3 hours ago, claudiu said:

Somebody who wants ESET because is highly customizable ( I count more than 120 parameters) most likely is interested to know WHAT EXACTELY HAS BEEN DONE.

Malware cleaning in Eset is somewhat of an "academic" discussion. In all the years I have used Eset, it has never found malware via a scheduled or manual scan. All malware I have encountered was either blocked prior to download or upon initial file creation.

Cases such as the OP posted where 36 malware were found occur at Eset installation time when the initial detailed scan is performed. I would imagine most of those folks were previously using an AV of such quality as ... or  ...

Edited May 19, 2018 by Marcos
Concrete names of AVs removed

[novice 20]

4 hours ago, itman said:

Cases such as the OP posted where 36 malware were found occur at Eset installation time when the initial detailed scan is performed

Exactly! Usually I cancel this scan, but this time I was busy An ESET finished the scan, scanning all my "Test" folders. 36 "potentially unwanted" were found, unfortunately I really want to keep them.

Back to the subject in hand , I do not like the philosophy "You don't have to care what action was exactly performed".

In fact I DO CARE very much about what action was exactly performed; that' why I spend time to set "Threat sense" in a hundred places.

If a file was "disinfected" I would rather install it again as new, rather than having a "disinfected" one.

So, if this is the idea, why not having a big red button on the end of the scan with a "FIX ALL" message????