vs2015sv

Unable to Delete Quarantine

I have a few machines that continue to report threats detected / quarantined in my email notifications weekly.

When I go to the machines and attempt to delete the quarantine, nothing happens.

 

I read somewhere that you can go into "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine" and delete the files, but that is not acceptable.

Unfortunately, you cannot delete the threats from the console or the endpoint via Malwarebytes (what good is this).

 

Anyone know why this is happening?

 

Thanks

Edited by vs2015sv


The quarantine cannot be deleted on the endpoints from the console. It is actually our recommendation to not delete the quarantine in case a detection turns out to be a false positive. The items sent to quarantine are stripped of their extension and encrypted, leaving them no chance to run; the items are also not very large in size at all. If you wish to delete them still, you will need to do it via a script or locally on the machine.

For tips on removal, if the items are the same thing, reoccurring, there are three possibilities as to the root cause:

  1. Your policy \ scanner settings are not set to tag those item types for proper removal.
  2. The items detected are browser PUPs and hijacks that come back due to your user having browser sync enabled, common for Chrome. Malwarebytes removes the items; Chrome auto-sync puts them right back. A special tactic is needed for items like this: your user must sign out of their Chrome profile - https://support.google.com/chrome/answer/2390059?hl=en You then run a quick scan to remove the item, followed by resetting all of your user's installed browsers. The hijack may jump over to, say, IE, and reinfect if that browser is opened.
  3. Repeat infections that don't follow scenarios 1 and 2 are likely to be caused by rootkits and will require you to run your Malwarebytes Anti-Rootkit scanner utility provided in your download under Unmanaged \ Windows \ mbar-1.09.3.1001.exe. The location will be Standalone \ Windows \ mbar-1.09.3.1001.exe on older download packages. You can also download it any time at this link - https://www.malwarebytes.com/antirootkit/
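
Added example (not from either poster and not Malwarebytes' own tooling): a PowerShell script for the "via a script" route mentioned in the reply above. It purges only quarantine items older than a retention window, so recent detections stay restorable if they turn out to be false positives. The folder path is the one quoted in the first post; the parameter names and the 30-day default are assumptions.

```powershell
# Added example. Purges aged files from the endpoint's quarantine folder.
# Path below is the one quoted in the first post; confirm it on your endpoints.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$QuarantinePath = "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine",
    [int]$RetentionDays = 30   # assumed retention window, adjust to policy
)

if (-not (Test-Path -LiteralPath $QuarantinePath -PathType Container)) {
    Write-Warning ("Quarantine folder not found: {0}" -f $QuarantinePath)
    return
}

# Everything in quarantine, including hidden files, and the subset past retention.
$cutoff = (Get-Date).AddDays(-$RetentionDays)
$items  = @(Get-ChildItem -LiteralPath $QuarantinePath -File -Force -Recurse)
$stale  = @($items | Where-Object { $_.LastWriteTime -lt $cutoff })

if ($stale.Count -eq 0) {
    Write-Output ("{0}: {1} item(s) in quarantine, none older than {2} days." -f `
        $env:COMPUTERNAME, $items.Count, $RetentionDays)
    return
}

$bytes = ($stale | Measure-Object -Property Length -Sum).Sum
Write-Output ("{0}: {1} of {2} item(s) older than {3} days ({4:N0} bytes)." -f `
    $env:COMPUTERNAME, $stale.Count, $items.Count, $RetentionDays, $bytes)

$removed = 0
foreach ($file in $stale) {
    # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete quarantined item')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $removed++
        }
        catch {
            Write-Warning ("Could not delete {0}: {1}" -f $file.FullName, $_.Exception.Message)
        }
    }
}
Write-Output ("{0}: removed {1} item(s)." -f $env:COMPUTERNAME, $removed)
```

Run it from an elevated session with `-WhatIf` first to see what would be removed; pass `-Confirm:$false` when deploying it unattended.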
