AntiVir Premium Overview :: How to…

Reacting to detected viruses and malware

For the individual protection components of AntiVir Premium, you can define how AntiVir Premium reacts to a detected virus or unwanted program in the configuration under the section Action for concerning files.

Scanner options:

In interactive action mode, the results of the Scanner scan are displayed in a dialog box. This option is enabled as the default setting.
When scanning for rootkits, boot sector viruses and when scanning active processes, a dialog box appears in which you can select what to do with the infected object.
When scanning files, the notification and selection option for dealing with the relevant files depends on the notification mode selected:
Notification mode: Combined

In combined notification mode you will receive an alert with a list of the relevant files detected when you have completed the file scan. There is no selection option for handling the relevant files. You can execute the default action of Scanner for all infected files or cancel Scanner.

Notification mode: Combined (expert)

In expert notification mode you will receive an alert with a list of the relevant files detected when you have completed the file scan. You can use the content-sensitive menu to select an action to be executed for the various files affected. You can execute the standard actions for all affected files or cancel the Scanner.

Notification mode: Individual

In individual notification mode, every virus detected during the file scan is reported in a separate window. You can choose what to do with the relevant file in the dialog box.

In automatic action mode, when a virus or unwanted program is detected, the action you selected in this area is executed automatically. If you enable the option Display alert, you will receive an alert whenever a virus is detected, indicating the action carried out.

Options for Guard, MailGuard, WebGuard:

In interactive action mode, if a virus or unwanted program is detected, a dialog box appears in which you can select what to do with the infected object. This option is enabled as the default setting.

In automatic action mode, when a virus or unwanted program is detected, the action you selected in this area is executed automatically. If you enable the option Display alert, you will receive an alert whenever a virus is detected, indicating the action carried out.

In interactive action mode, you can react to detected viruses and unwanted programs by selecting an action for the infected object, displayed in the alert, and executing the selected action by clicking Confirm. The following actions for handling infected objects are available for selection:

Note
Which actions are available for selection depends on the operating system, the protection components (AntiVir Guard, AntiVir Scanner, AntiVir MailGuard, AntiVir WebGuard) reporting the detection, and the type of malware detected.

Actions of Scanner and Guard:

The file is repaired

This option is only available if the infected file can be repaired.

The file is packaged into a special format (*.qua) and moved to the Quarantine directory INFECTED on your hard disk, so that direct access is no longer possible.  Files in this directory can be repaired in Quarantine at a later data or, if necessary, sent to Avira GmbH.

The file is deleted but can be recovered with the appropriate tools (e.g. Avira UnErase). This allows the virus signature to be recovered. This process is much quicker than overwrite and delete. If a boot sector virus is detected, this can be deleted by deleting the boot sector. A new boot sector is written.

The file is overwritten with a default template and then deleted. It cannot be restored.

The file is renamed with a *.vir extension. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can be repaired and given their original name at a later time.

Avira AntiVir Premium takes no further action. The infected file remains active on your computer.

Warning
This could result in loss of data and damage to the operating system! Only select the Ignore option in exceptional cases.

Action option for detection by Guard: Access to the infected file is blocked. The detection is only entered in the report file if the report function is enabled).

Action option for a rootkit detection: The detection is copied in Quarantine.

Action option for detection of a suspicious process: The process is terminated. A dialog box opens in which you can choose what to do with the executable file.

Actions of MailGuard: Incoming emails

The email including all attachments is moved to quarantine. The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text.

The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text.

The infected attachment is replaced by a default text. If the body of the email is affected, it is deleted and also replaced by a default text. The email itself is delivered.

The infected attachment is placed in Quarantine and then deleted (replaced by a default text). The body of the email is delivered. The affected attachment can be delivered later by the Quarantine manager.

The affected email is delivered.

Warning
This could allow viruses and unwanted programs to access your computer system. Only select the Ignoreoption in exceptional cases. Disable the preview in your mail client, never open any attachments with a double click!

Actions of MailGuard: Outgoing emails

The email, together with all attachments, is copied to Quarantine and is not sent. The email remains in the outbox of your email client. You receive an error message in your email program. All other emails sent from your email account will be scanned for malware.

The email is not sent and remains in the outbox of your email client. You receive an error message in your email program. All other emails sent from your email account will be scanned for malware.

The affected email is sent.

Warning
Viruses and unwanted programs can penetrate the computer system of the email recipient in this way.

Actions of WebGuard:

The website requested from the web server and/or any data or files transferred are not sent to your web browser. An error message to notify you that access has been denied is displayed in the web browser.

The website requested from the web server and/or any data or files transferred are moved to Quarantine. The affected file can be restored via the Quarantine Manager if it is of informative value or - if necessary - sent to the Avira Malware Research Center.

The website requested from the web server and/or the data and files that were transferred are forwarded on by WebGuard to your web browser.

Warning
This could allow viruses and unwanted programs to access your computer system. Only select the Ignore option in exceptional cases.

Note
We recommend that you move any suspicious file that cannot be repaired to Quarantine.

Note
You can also send files reported by the heuristic to us for analysis.
For example, you can upload these files to our website:http://www.avira.com/sample_upload
You can identify files reported by the heuristic from the designation
HEUR/ or HEURISTIC/ that prefixes the file name, e.g.: HEUR/testfile.*.