
October 2nd, 2009 22:00

What To Do When An On-Demand Security Scanner Finds Something


Many, as part of their routine PC maintenance, run on-demand security scans of their systems or drives on a regular basis.

Most security programs (anti-virus, anti-spyware, anti-malware, anti-trojan, etc.) offer this feature. They include quick scans, full scans, or custom scans of their systems. The following instructions only apply to situations where a routine scan by a trusted scanner unexpectedly detects something "bad".

If your scanner detects something (infection, malware, spyware, adware, trojan, virus, unwanted program, etc.) do not panic! You will likely be offered the option to either Delete, Quarantine or Ignore this detection, be it a file, a folder, or a registry entry.

If your PC is otherwise running normally there is a good chance that the object(s) detected are so-called False Positive(s). These occur when your scanner wrongly detects a legitimate object (file, folder, registry entry) as an infection. Unfortunately all scanners do this on occasion. If these legitimate objects detected happen to be important system or program files, and you delete or even quarantine them, you can cripple or even crash the program. In the worst-case scenario, you can even crash your system, rendering your PC unusable.

When configuring your scanner, always set it to "alert", not to automatically "delete", "heal" or "quarantine", if possible. As a general rule, do not run "deep" or "full" scans routinely, but choose the "quick" scan option. The deeper the scan, the greater the chance of False Positive detections.

1) First, most scanners will offer to save any scan results to a log-file or report. You should always do this before doing anything else. Make a note of the location where this report/logfile is stored. Also note the file-path to the object of anything detected, e.g.: C:\Windows\System32\<'badfile detected'> (where 'badfile detected' is the object your scanner detected).

2) Do NOT Quarantine or Delete anything detected without investigating further. Remember, if your system was working well prior to this routine scan, it will work just as well after your scan, and will give you time to investigate. (On-demand routine scans by legitimate security programs do not activate malware!) Select "Ignore", pending further investigations.

3) Depending on your level of expertise, further investigation of the object or file detected involves several options:

- The more advanced user can upload the file detected to an on-line website which checks the file submitted against several other scanners, to determine if it is a False Positive. Such websites include virusscan.jotti ( http://virusscan.jotti.org/en ), or virustotal.com ( http://www.virustotal.com/ ). If none of the other scanners at these sites find your file suspicious, the odds are that it is a False Positive detection, that you can ignore.

- Alternatively, log on to the support forum for the program that found the file (most scanners have such forums, listed under "Help") and see if others are experiencing and/or questioning the same detection as a possible False Positive. Most False Positives are quickly corrected by the vendor with subsequent definition/signature/program updates.

- The less experienced user can always post to any security forum, such as Dell's "Virus and Spyware Discussions" forum, the logfile of the scan previously saved, for further instructions: http://en.community.dell.com/forums/3522.aspx
-------------------------------------------------------

To summarize:

If your system is running well, and a routine on-demand scan detects something, do NOT rush to Delete or Quarantine it.

Investigate, or ask for help first.
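
The record-keeping in steps 1 to 3 can be scripted. The following is an added example, not part of the original post: it reads a saved scan log, and for each detected file records the path, SHA-256, size and modification time without changing the file, and flags paths under the Windows or Program Files directories where quarantining a False Positive does the most damage. The log line format, the function names and the sample path are assumptions made for illustration; real scanners each use their own log layout.

```python
import hashlib
import os
import re
from datetime import datetime, timezone

# Assumed log line shape (constructed; real scanners each use their own format):
#   Detected: <name> | Path: <full path>
LINE_RE = re.compile(r"Detected:\s*(?P<name>.+?)\s*\|\s*Path:\s*(?P<path>.+?)\s*$")

# Locations where quarantining a false positive can break Windows or a program.
# Assumes the default C: install drive.
CRITICAL_ROOTS = ("c:\\windows\\", "c:\\program files")


def parse_log(log_text):
    """Return (detection_name, path) pairs found in the saved scan log."""
    return [(m["name"], m["path"]) for m in map(LINE_RE.search, log_text.splitlines()) if m]


def in_critical_location(path):
    return path.lower().replace("/", "\\").startswith(CRITICAL_ROOTS)


def sha256_of(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:          # read-only: the file is never modified
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(log_text):
    """Build one evidence record per detection without touching the files."""
    records = []
    for name, path in parse_log(log_text):
        rec = {"detection": name, "path": path,
               "critical_location": in_critical_location(path)}
        try:
            st = os.stat(path)
            rec.update(sha256=sha256_of(path), size=st.st_size,
                       modified=datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat())
        except OSError as exc:            # already removed, locked, or access denied
            rec["error"] = exc.strerror or str(exc)
        records.append(rec)
    return records


if __name__ == "__main__":
    sample = "Detected: Example.Generic | Path: C:\\Windows\\System32\\example.dll\n"  # constructed
    for record in triage(sample):
        print(record)
```

The SHA-256 gives forum helpers an exact identity for the file alongside the saved log, and an `error` entry shows when a detected file could not be read.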
