When Cylance Smart Antivirus quarantines a file, the file is moved from its original location to the Cylance Smart Antivirus quarantine folder. The file is renamed by adding ".quarantine" to the end of the filename, thus changing the extension (e.g. malware.exe to malware.quarantine). The file is modified to prevent the file from being used, so it cannot be launched or run.
Once a file has been quarantined, either through Auto Quarantine or adding the file to the Global Quarantine list, Cylance Smart Antivirus will continue to prevent that file from running on your devices. If the filename is changed or if the file is copied to a new location on the device, Cylance will continue to block the file.
What happens if the malicious action keeps adding the same file to the same location?
Once a file has been quarantined, if a copy of the original file is placed in the original location, that copy will not be moved to the quarantine folder. Instead the file attributes are modified so the file is hidden and cannot be used. This is done to prevent the malicious action from placing the same file in the same location over and over again. This type of malicious action, also known as a Dropper, checks the original file location, and if it does not find it there, puts a copy of the file in that folder.
How do I stop a file from being quarantined?
To allow a file that has been quarantined to run please follow the steps outlined in this article: