Hi Ralph. I wasn't trying to be flippant with my first reply. The WD
options can be confusing and I was emphasizing not to read any hidden
meanings in the options. To simplify things, break WD down into a scanner
component and a real-time component. The help link which also talks about
Severe and not yet classified just adds to the confusion, so just think of
Severe as High and not yet classified as belonging to the real-time
component. I already covered Low, Medium and High. The apply default
actions box is only appropriate when you are initiating an automatic
(scheduled) scan. The important thing to understand is that when you check
the box to apply default actions, potential malware could be deleted with no
quarantine. That is a key point. Kazaa users who have had their entire
download libraries removed by WD know what I am talking about. I'll now try
to address your questions:
(1) Yes, if you leave the box unchecked, WD will ask you what actions to take
even if, for example, the scan completed hours earlier. The real-time
component is not involved in the automatic or manual scan.
(2) Yes, for an automatic scan. For a manual scan the option doesn't apply;
WD will ask you what to do after the scan completes.
(3) Treat Severe as High with Remove. Not yet classified pertains to
real-time protection. Software Explorer also displays not yet classified
components.
(4) As indicated in my first reply, the general rule of thumb is Ignore for
Low, Ignore or Remove for Medium, and Remove for High. Again, no quarantine
will occur if you use the defaults.
Allowed items and items excluded from scanning will override the above
rules. Items can only be added to Allowed Items as a result of a scan, i.e.
real-time protection cannot be used to put items in Allowed Items.
WD real-time alerts offer fewer options, e.g., Permit or Deny, Allow or
Remove All. These alerts are triggered by "not yet classified" programs in
Run Keys, shortcuts to malware in the Startup folder, port usage, changes to
the Hosts file, changes to the system registry, attempts to load/run malware,
etc. An important consideration is that WD still does not know about many
commonly used programs and will consider them to be "not yet classified".
This is a major shortcoming of the product, but it is improving with time.
Please feel free to ask any additional questions. Just hope I adequately
answered yours. If I did make some technical errors, I'm sure others in this
newsgroup will correct me.
"ralph" wrote:
> I am still uncertain about the meaning of default actions in WD.
> 1: Am I correct in thinking that if I uncheck in Options "Apply default
> actions to items detected during a scan", WD will ask me what action I wish
> it to take when it detects any malware during either a manual or real time
> scan?
> 2: However if I do check the box, WD will take the action I have specified
> in the Default actions (ignore, remove or quarantine), at least for high,
> medium and low alert items, without first asking permission.
> 3: What does WD do for "not yet classified" and "severe" alert items if I
> have checked the "Apply default actions to items detected during a scan"
> box?
> 4: Finally, what does WD do if I have checked the "Apply default actions to
> items detected during a scan" box, but have left the Default actions as
> "Default action (definition based)".
> thanks....ralph
>
>
> "Mr Cat" <(E-Mail Removed)> wrote in message
> news:17950394-41D3-4319-96C0-(E-Mail Removed)...
> > My experience is mostly from the Beta days, but it is basically what I
> > have said. Yes you could modify the defaults to quarantine for unattended
> > operation. But again, I don't use WD to fix malware problems.
> >
> > "Alan D" wrote:
> >
> >>
> >> "Mr Cat" wrote
> >>
> >> > If you let WD take default actions, it is going to remove your
> >> > malware without quarantine! I don't trust any anti-malware program
> >> > that much. That is why I leave the check box empty - apply default
> >> > actions after a scan.
> >>
> >> I didn't think it was quite so black and white, Mr Cat. For example, one
> >> could tick the 'default actions' box, and then set each of the 'low',
> >> 'medium' and 'high' options to 'quarantine'. That way, Defender would
> >> presumably automatically quarantine anything it found - wouldn't it?
> >>
> >> (Assuming, of course, which I now have some reason to doubt after the
> >> events described in my nearby thread, that it ever does actually detect
> >> anything!)
> >>
> >>
> >>
>
>
>