Randomly moving things to quarantine (problem!)
cfsmihai
Joined: 22 Jul 2012
Posts: 0
Posted: Sun Jul 22, 2012 6:40 pm
Hi, I am also using Clam Sentinel 1.9 (was hoping for nice active protection).
It has quarantined a lot of essential files while installing MediaCoder. - this is not a big problem.
It keeps making my USB flash drives "busy" and I was not allowed to format them. Had to override this through MS-DOS (thank you, Google search). - not a big problem.
The problem is this:
Today I was copying some things to one of my USB flash drives and it quarantined, several times, some files located in D:\SYSTEM VOLUME INFORMATION\_RESTORE or D:\RECYCLER. I admit I'm not sure exactly what this is, but I know it looks suspicious. I will attach the quarantine log in quotes. Please give me some advice. I want to know if any damage was done and, if yes, how to fix it. That being said, I think I will just give up on the Sentinel and scan manually every now and then.
Quote:
##### Saturday, July 21, 2012 12:16:13 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Documents and Settings\Mihai\Desktop\vcdgear355\
File: vcdgear.exe
##### Saturday, July 21, 2012 12:16:13 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Documents and Settings\Mihai\Desktop\vcdgear355\
File: credits.exe
##### Saturday, July 21, 2012 12:16:47 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Documents and Settings\Mihai\Desktop\VirtualDub-1.6.14\
File: VirtualDub.exe
##### Saturday, July 21, 2012 12:16:47 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Documents and Settings\Mihai\Desktop\VirtualDub-1.6.14\
File: auxsetup.exe
##### Sunday, July 22, 2012 11:10:42 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\
File: mediacoder.exe
##### Sunday, July 22, 2012 11:10:42 AM (Mihai@MIHAI-PC)
A obfuscated file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\
File: mcres.dll
##### Sunday, July 22, 2012 11:10:46 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\tools\
File: asfbin.exe
##### Sunday, July 22, 2012 11:10:46 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\plugins\
File: in_speex.dll
##### Sunday, July 22, 2012 11:10:46 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\codecs\
File: hmp3.exe
##### Sunday, July 22, 2012 11:10:48 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\codecs\
File: DirectShowSource.dll
##### Sunday, July 22, 2012 11:10:49 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\codecs\
File: avisynth.dll
##### Sunday, July 22, 2012 11:10:58 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\tools\
File: flvmdi.exe
##### Sunday, July 22, 2012 11:11:00 AM (Mihai@MIHAI-PC)
A file with invalid signature was moved to quarantine!
Folder: C:\Program Files\MediaCoder\tools\
File: mp4creator.exe
##### Sunday, July 22, 2012 11:11:00 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\tools\
File: tsMuxeR.exe
##### Sunday, July 22, 2012 9:11:57 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\
File: Dd60.exe
##### Sunday, July 22, 2012 9:11:57 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\
File: Dd62.exe
##### Sunday, July 22, 2012 9:12:04 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\
File: Dd86.exe
##### Sunday, July 22, 2012 9:12:05 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: D:\System Volume Information\_restore{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\
File: A0024320.exe
##### Sunday, July 22, 2012 9:12:54 PM (Mihai@MIHAI-PC)
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\DD38.EXE.infected'
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD49.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD49.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD50.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD50.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD53.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD53.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD51.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD51.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD46.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD46.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD52.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD52.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD44.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD44.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD36.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD36.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD40.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD40.EXE: OK
A virus was moved to quarantine!
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
##### Sunday, July 22, 2012 9:30:11 PM (Mihai@MIHAI-PC)
Scanning \\?\C:\DOCUMENTS AND SETTINGS\MIHAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G2R6FGC2.DEFAULT\SESSIONSTORE.JS
C:\DOCUMENTS AND SETTINGS\MIHAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G2R6FGC2.DEFAULT\SESSIONSTORE.JS: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD58.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD58.EXE: OK
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD61.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD61.EXE: OK
Scanning \\?\D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: Trojan.Patched-195 FOUND
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\A0024317.EXE.infected'
A virus was moved to quarantine!
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: Trojan.Patched-195 FOUND
##### Sunday, July 22, 2012 10:04:14 PM (Mihai@MIHAI-PC)
Scanning \\?\D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\DD38.EXE.infected.000'
A virus was moved to quarantine!
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
##### Sunday, July 22, 2012 10:04:24 PM (Mihai@MIHAI-PC)
Scanning \\?\D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: Trojan.Patched-195 FOUND
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\A0024317.EXE.infected.000'
A virus was moved to quarantine!
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: Trojan.Patched-195 FOUND
Thank you in advance!
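Before deciding what to delete from quarantine, it helps to sort a log like the one above into buckets. The script below is an added example, not code from ClamWin, Clam Sentinel or this thread. It parses the message shapes visible in the quoted log (Sentinel's "A ... was moved to quarantine!" notices with their Folder/File lines, ClamAV's "<path>: <signature> FOUND" and "<path>: moved to '...'" lines) and separates named signature hits from heuristic-only hits, flags files sitting in RECYCLER or System Volume Information, and lists paths that were quarantined more than once, which means the file came back after it was moved. The regular expressions are inferred from the quoted lines, the bucket names are my own, and the sample log is a constructed excerpt trimmed from the one quoted above.

```python
"""Triage a Clam Sentinel / ClamWin quarantine log (added example, not project code)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Message shapes as they appear in the quoted log (assumed from those lines).
HEADER = re.compile(r"^##### (?P<when>.+) \((?P<who>[^)]+)\)$")
HEURISTIC = re.compile(r"^A (?P<reason>.+) was moved to quarantine!$")
FOUND = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
MOVED = re.compile(r"^(?P<path>.+?): moved to '(?P<qpath>.+)'$")

# Directories where a loose executable deserves a second look: the XP-era recycle
# bin (per-user SID subfolder) and System Restore's copies of changed files
# (_restore{GUID}\RPnnn\A00xxxxxx.exe). Malware likes the first; a hit in the
# second means a restore point holds a copy of whatever was detected.
UNUSUAL_DIRS = ("\\RECYCLER\\", "\\$RECYCLE.BIN\\", "\\SYSTEM VOLUME INFORMATION\\")


@dataclass
class Event:
    when: str
    path: str
    reason: str         # "suspicious", "obfuscated", "invalid signature" or a signature name
    by_signature: bool  # True for a ClamAV signature hit, False for a Sentinel heuristic


def parse(log: str) -> list[Event]:
    events: list[Event] = []
    when, folder, reason, last_sig = "", "", None, {}
    for line in log.splitlines():
        if m := HEADER.match(line):
            when = m["when"]
        elif m := HEURISTIC.match(line):
            r = m["reason"]
            # "A virus was moved to quarantine!" only summarises a signature hit that the
            # preceding "moved to" line already recorded, so it produces no event.
            reason = None if r == "virus" else r.replace("file with ", "").replace(" file", "")
        elif line.startswith("Folder: "):
            folder = line[len("Folder: "):]
        elif line.startswith("File: ") and reason:
            events.append(Event(when, folder + line[len("File: "):], reason, False))
            reason = None
        elif m := MOVED.match(line):
            events.append(Event(when, m["path"], last_sig.get(m["path"], "unknown"), True))
        elif m := FOUND.match(line):
            last_sig[m["path"]] = m["sig"]
    return events


def is_unusual_location(path: str) -> bool:
    upper = path.upper()
    return any(d in upper for d in UNUSUAL_DIRS)


def triage(events: list[Event]) -> dict:
    signature = {e.path for e in events if e.by_signature}
    heuristic = {e.path for e in events if not e.by_signature} - signature
    per_path = Counter(e.path for e in events)
    return {
        "signature_hits": sorted(signature),   # named detection: treat as real until disproved
        "heuristic_only": sorted(heuristic),   # check on VirusTotal / Jotti before deleting
        "unusual_location": sorted(p for p in per_path if is_unusual_location(p)),
        # Quarantine moves the file, so the same path hit twice means it was recreated.
        "reappeared": sorted(p for p, n in per_path.items() if n > 1),
        "reasons": Counter(e.reason for e in events),
    }


# Constructed sample: blocks trimmed from the log quoted in the first post.
SAMPLE_LOG = r"""##### Sunday, July 22, 2012 11:10:42 AM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\
File: mediacoder.exe
##### Sunday, July 22, 2012 11:10:42 AM (Mihai@MIHAI-PC)
A obfuscated file was moved to quarantine!
Folder: C:\Program Files\MediaCoder\
File: mcres.dll
##### Sunday, July 22, 2012 11:11:00 AM (Mihai@MIHAI-PC)
A file with invalid signature was moved to quarantine!
Folder: C:\Program Files\MediaCoder\tools\
File: mp4creator.exe
##### Sunday, July 22, 2012 9:11:57 PM (Mihai@MIHAI-PC)
A suspicious file was moved to quarantine!
Folder: D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\
File: Dd60.exe
##### Sunday, July 22, 2012 9:12:54 PM (Mihai@MIHAI-PC)
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\DD38.EXE.infected'
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD49.EXE: OK
A virus was moved to quarantine!
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
##### Sunday, July 22, 2012 10:04:14 PM (Mihai@MIHAI-PC)
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: Trojan.Patched-195 FOUND
D:\RECYCLER\S-1-5-21-1960408961-1547161642-1801674531-1003\DD38.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\DD38.EXE.infected.000'
##### Sunday, July 22, 2012 10:04:24 PM (Mihai@MIHAI-PC)
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: Trojan.Patched-195 FOUND
D:\SYSTEM VOLUME INFORMATION\_RESTORE{48737E02-CA91-4117-9F8E-39AA3F7B48D0}\RP112\A0024317.EXE: moved to 'C:\Documents and Settings\Mihai\.clamwin\quarantine\A0024317.EXE.infected.000'
"""

if __name__ == "__main__":
    for bucket, items in triage(parse(SAMPLE_LOG)).items():
        print(bucket, items)
```

On the sample, the "reappeared" bucket contains DD38.EXE: it was moved out of D:\RECYCLER at 9:12 PM and detected at the same path again at 10:04 PM (the second quarantine copy gets the .infected.000 suffix), so something recreated it in between. That is the line in a log like this that matters more than the MediaCoder heuristics.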
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Jul 22, 2012 7:40 pm
This really isn't the forum to ask questions about Clam Sentinel. Sentinel is a separate project from ClamWin and has its own web page (with a Help forum). All I can say is to verify with Jotti or VirusTotal any questionable files that are quarantined, some malware likes to hide in a Recycler folder, and you can exclude files, folders, and drives from Sentinel scans via the whitelist (paths or files not scanned). I also suggest you read the Sentinel Simple Guide. For any more advice, I suggest you visit the Sentinel Help forum.
Regards,
cfsmihai
Joined: 22 Jul 2012
Posts: 0
Posted: Sun Jul 22, 2012 9:13 pm
GuitarBob wrote:
This really isn't the forum to ask questions about Clam Sentinel. Sentinel is a separate project from ClamWin and has its own web page (with a Help forum). All I can say is to verify with Jotti or VirusTotal any questionable files that are quarantined, some malware likes to hide in a Recycler folder, and you can exclude files, folders, and drives from Sentinel scans via the whitelist (paths or files not scanned). I also suggest you read the Sentinel Simple Guide. For any more advice, I suggest you visit the Sentinel Help forum.
Regards,
Thank you for answering. It isn't really about the Sentinel. I just want to know if I can delete those files in my quarantine. That is why I have added the log.
Is D:\SYSTEM VOLUME INFORMATION\... just stuff that is being copied to an external drive? If not, what is it? I did mention the popup that files were quarantined showed during the copy process.
If it matters, all I copied were some silly games that had either patches or some may have cracks. One of those two might have been the trigger. But I really don't know, since I did not check the files to see if they do or don't have this. I am just assuming.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Jul 22, 2012 10:57 pm
Yes, I think you can safely delete the quarantined files--assuming everything has been working okay since the files were quarantined. Are you using drive D for anything? Judging from the number of detections, it sure looks like something was trying to infect it.
I suggest you also do a scan with a good virus cleaner--like Malwarebytes Free or Microsoft's free Safety Scanner (MSERT.exe). Both will do a better job of cleaning up than ClamWin and Sentinel. There could be some secondary infections or associated undetected malware.
Regards,
cfsmihai
Joined: 22 Jul 2012
Posts: 0
Posted: Mon Jul 23, 2012 5:39 am
GuitarBob wrote:
Yes, I think you can safely delete the quarantined files--assuming everything has been working okay since the files were quarantined. Are you using drive D for anything? Judging from the number of detections, it sure looks like something was trying to infect it.
I suggest you also do a scan with a good virus cleaner--like Malwarebytes Free or Microsoft's free Safety Scanner (MSERT.exe). Both will do a better job of cleaning up than ClamWin and Sentinel. There could be some secondary infections or associated undetected malware.
Regards,
Alright, I'll delete them, since everything has worked fine so far. It's probably just the patches and/or cracks for those small games that were caught during the copy procedure. That's what System Volume Information refers to, right?
Also, are you basically just telling me I'm better off using a different antivirus? I recently had an infection and ClamWin removed it, but after using Malwarebytes it found 4 more infections.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Jul 23, 2012 6:02 am
The system volume contains information about the system. It contains your system snapshots.
ClamWin with Clam Sentinel provides basic antivirus protection. The Clam AV signature database used by ClamWin does not contain as many signatures as the commercial AVs, so it can miss detecting a virus now and then--especially when a virus is new. Clam Sentinel supplements the Clam signatures with its own heuristic engine, which can detect a large amount of Windows PE file malware--whether it is new or not, even if there is no ClamWin signature for it. Clam Sentinel can not act fast enough to detect some quick-acting malware.
Malwarebytes uses heuristics that are very good at detecting malware after you get an infection. I use the paid, real-time version of Malwarebytes, and Sentinel is better at detecting downloaded malware files than Malwarebytes, but Malwarebytes does a good job of cleaning the original malware, ancillary malware, and even related malware registry entries. All ClamWin and Clam Sentinel can do is detect malware--they do not clean the registry.
If you use ClamWin and Clam Sentinel, I recommend you also do a regular scan with Malwarebytes, but I do not recommend using Malwarebytes by itself--you should use a regular AV with Malwarebytes--even with the paid version.
If you use a lot of cracked software and torrent downloads, you are probably better off with one of the commercial AV programs.
Regards,
cfsmihai
Joined: 22 Jul 2012
Posts: 0
Posted: Mon Jul 23, 2012 10:51 am
GuitarBob wrote:
The system volume contains information about the system. It contains your system snapshots.
ClamWin with Clam Sentinel provides basic antivirus protection. The Clam AV signature database used by ClamWin does not contain as many signatures as the commercial AVs, so it can miss detecting a virus now and then--especially when a virus is new. Clam Sentinel supplements the Clam signatures with its own heuristic engine, which can detect a large amount of Windows PE file malware--whether it is new or not, even if there is no ClamWin signature for it. Clam Sentinel can not act fast enough to detect some quick-acting malware.
Malwarebytes uses heuristics that are very good at detecting malware after you get an infection. I use the paid, real-time version of Malwarebytes, and Sentinel is better at detecting downloaded malware files than Malwarebytes, but Malwarebytes does a good job of cleaning the original malware, ancillary malware, and even related malware registry entries. All ClamWin and Clam Sentinel can do is detect malware--they do not clean the registry.
If you use ClamWin and Clam Sentinel, I recommend you also do a regular scan with Malwarebytes, but I do not recommend using Malwarebytes by itself--you should use a regular AV with Malwarebytes--even with the paid version.
If you use a lot of cracked software and torrent downloads, you are probably better off with one of the commercial AV programs.
Regards,
Thanks for taking the time to explain this to me. So the Sentinel was fine all along. After reading about the trouble with a previous version of Clam AV quarantining most of the system, I panicked a bit. Now I will reinstall the Sentinel and use Malwarebytes regularly. I did not know ClamAV and Sentinel had different virus signatures.
While I do use some cracked software or download torrents, I consider myself familiar enough with computers that I can spot when something is not right. And so far, I have done OK.
Thank you again, Bob.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Jul 23, 2012 3:54 pm
The ClamWin quarantine browser was developed as a result of the Clam AV signatures falsely detecting all those Windows files some time ago. You can restore falsely-detected files from quarantine with it. At the same time, ClamWin also added the ability to recognize files that have a valid Microsoft digital signature, so they are exempt from quarantine. Clam Sentinel also has the same 2 features. Also, do not use PUA detection option with either ClamWin or Clam Sentinel--many "good" files will be falsely detected, and PUA just isn't worth the trouble for Windows users. Let the AV concentrate upon "real" malware!
Lots of malware is changed frequently--sometimes hourly, to evade signature detection. Because of this, AVs have improved their heuristics and supplemented their signatures with other features. Any AV can use some extra help though and that is where Malwarebytes comes in. You need layered protection. I have successfully used ClamWin and Clam Sentinel with other AVs by excluding the ClamWin and Clam Sentinel program folders and the ClamWin data folder from the other AV's scans and excluding the other AV's program and data folders from Clam Sentinel's scans (also the other AV's signature and quarantine folder if they are not located in its data folder). This will minimize conflicts and resource use, although both Sentinel and the other AV will still sometimes kick in together. I recommend Microsoft Security Essentials, Panda Free Cloud, or Avira AntiVir. I've also used Immunet Free, but the free version doesn't have rootkit protection, and it uses more resources than it should--even with the Clam AV option not selected because you already have it with ClamWin.
Regards,
All times are GMT