Anti-Virus question


JimL

In the world of anti-virus software I've seen a lot about virus vaults and
have a dumb question.

Why does anyone ever want to store a virus on their computer? I thought the
idea was to get it OFF the computer. (In my view, "It doesn't hurt
anything" isn't an answer.)

JimL
 

Jim

JimL said:
In the world of anti-virus software I've seen a lot about virus vaults and
have a dumb question.

Why does anyone ever want to store a virus on their computer? I thought
the idea was to get it OFF the computer. (In my view, "It doesn't hurt
anything" isn't an answer.)

JimL
I would only use a virus vault for those instances in which I would like to
send the file to somebody for further investigation.
Jim
 

Daave

JimL said:
In the world of anti-virus software I've seen a lot about virus vaults
and have a dumb question.

Why does anyone ever want to store a virus on their computer? I
thought the idea was to get it OFF the computer. (In my view, "It
doesn't hurt anything" isn't an answer.)

Sometimes the flagged file is *not* a virus; that is, it's a false
positive. If this is a file you need, then if you delete it, you don't
have it anymore! If you are absolutely sure the file is malicious, then
you may empty the vault.
 

Twayne

Actually the very first concern is to STOP the damage the virus is
doing. THEN decide what to do with/about it. It's a bit like splitting
hairs, but I explain a bit below.
Sometimes the flagged file is *not* a virus; that is, it's a false
positive. If this is a file you need, then if you delete it, you don't
have it anymore! If you are absolutely sure the file is malicious,
then you may empty the vault.

Good answer, Daave,

It's also possible that some malware is known to be detected as viral,
especially with legacy software. Unfortunately I can't think of an
example of it right now, but those programs always come with notes that
such and such may be detected as a virus, explain why, and advise you to
set your scanner to ignore that particular find ONLY.
Like I said though; legacy software. Anything produced today that
made such a claim would have a tough time selling their products. I
recall this possibility because I used to use it; just can not for the
life of me recall the program! It's not the norm, but it does happen.
Also, sometimes after you catch a virus/malware, and look it up, it
IS sometimes something that's been welded into an application you
consider important. Sometimes, after researching what it is, the user
might decide the lesser of two evils is to let the malware run until he
can get a work-around in place, or at least long enough to get all the
necessary backups done. It astounds me how few people actually will
not bother with a backup regimen these days.
And then of course, as you said, there is the possibility of a plain
old false positive. Antivirus with heuristic abilities turned on often
catches this sort of thing. Or just plain badly written software that
does things in a dangerous way but not maliciously, such as trying to
mess with something under DEP control (see Help & Support for more on
that).
You want that repository to be there so you can get it back once
you discover it's a false positive or for the other reasons mentioned.
IMO it's better, within reason, for AV software to err on the safe side
than to chance allowing a virus to get by because it erred in the wrong
direction. The repository becomes even more important then.
OTOH, as soon as you're sure the virus removal didn't hurt anything,
it is definitely wise to then go ahead and get rid of it for good. I
usually give it a week or so and then delete them.
And of course, it's a "safe" way to be able to send it in for
analysis in the event it turned out to be something that's not yet
recognized in the wild as a virus.

And one last word: Never, ever make NOT having such a repository enter
your mind as a plus. It always indicates a less than worthy anti-virus
program which could have a lot of other shortcuts, too.

Just my 2 ¢; sorry 'bout the verbosity,

Twayne
 

Ken Blake

JimL said:
In the world of anti-virus software I've seen a lot about virus vaults and
have a dumb question.

Why does anyone ever want to store a virus on their computer? I thought
the idea was to get it OFF the computer. (In my view, "It doesn't hurt
anything" isn't an answer.)


No, "It doesn't hurt anything" is not the correct answer. The issue is that
the anti-virus software is not necessarily perfect, and it sometimes gives
you false positives. Removing but keeping the file suspected to be a virus
lets you put it back if you later find out that it was a false positive.
 
