Detection :: Guard

If viruses are detected by Guard, you will receive an alert if you have selected interactive mode or automatic mode as the action mode for virus detection with the Display Alert option (see the configuration section Guard::Scan::Action on detection). In interactive mode you can choose what to do with the relevant file in the dialog box . There is no selection option for handling the detected virus in automatic mode with alert. The action that was automatically executed is displayed in the message.

The dialog shown below is a message about the detection of a virus in interactive mode.

Alert message

Name and path of the currently detected virus or unwanted program

The name and path of the currently detected virus or unwanted program is displayed in the middle window of the message.


If the detection is a heuristic hit (HEUR/), an unusual runtime compression tool (PCK/) or a file with a hidden file extension (HEUR-DBLEXT/), only the options Move to quarantine and Ignore and Deny access are available in >interactive mode. In automatic mode the detection is automatically moved to quarantine folder.
This restriction prevents the detected files, which may be a false alarm, being directly removed (deleted) from your computer. The file can be recovered at any time with the aid of the Quarantine Manager.


If this option is enabled, the Guard repairs the affected file.

The option Repair can only be enabled if a repair of the detected file is possible.

Move to quarantine

If this option is enabled, the Guard moves the file to quarantine. The file can be restored from the Quarantine Manager if it is of informative value or - if necessary - sent to the Avira Malware Research Center. Depending on the file, further selection options are available in the Quarantine Manager.


If this option is enabled, the file is deleted but can be restored if necessary with appropriate tools (e.g. Avira UnErase). The virus pattern can still be detected again. This process is much quicker than "overwrite and delete".

Overwrite and delete

If this option is enabled, the Guard overwrites the file with a default pattern and then deletes it. It cannot be restored.


If this option is enabled, the Guard renames the file. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can later be repaired and given their original names again.

Deny access

If this option is enabled, the Guard only enters the detection in the Report file if the Report function is enabled. In addition, the Guard writes an entry in the Event log, if this option is enabled.


If this option is enabled, access to the file is allowed and the file is left as it is.

The affected file remains active on your workstation! It may cause serious damage on your workstation!

Note the selected action for this file (dangerous).

When this option is enabled, the selected action is executed without warning when attempts are subsequently made to access the file. The selected action will be saved and called up for this file by Guard before the next search engine update or before the Guard service is restarted.

The selected action is saved for a specific file (path and file name).

This option is not available for files that can be repaired or for heuristic hits and is therefore not displayed.

Buttons and links

Button / link


With this link - and with an active Internet connection - you can access an Internet page with further information on this virus or unwanted program.

This page of the online help is opened via this button or link.