React to detected viruses and malware

For the individual protection components of your Avira product, you can define how your Avira product reacts to a detected virus or unwanted program in the Configuration under the section Action on detection.

There are no configurable action options with the Real-Time Protection component. When a virus or unwanted program is detected, you will receive a desktop notification. In the desktop notification you can remove the detected malware or forward the  malware using the Details button to the System Scanner component for further virus management. The System Scanner opens a window containing notification of the detection, which gives you various options for managing the affected file via a context menu (see Detection > System Scanner):

Action options for the System Scanner:


In interactive action mode, the results of the System Scanner scan are displayed in a dialog box. This option is enabled as the default setting.

In the case of System Scanner scan, you will receive an alert with a list of the affected files when the scan is complete. You can use the content-sensitive menu to select an action to be executed for the various infected files. You can execute the standard actions for all infected files or cancel the System Scanner.


In automatic action mode, when a virus or unwanted program is detected the action you selected in this area is executed automatically.

In interactive action mode, you can react to detected viruses and unwanted programs by selecting an action for the infected object in the alert and executing the selected action by clicking Confirm.

The following actions for handling infected objects are available for selection:

Which actions are available for selection depends on the operating system, the protection components (Avira Real-Time Protection, Avira Mail Protection, Avira Web Protection) reporting the detection, and the type of malware detected.

Actions of the System Scanner:


The file is repaired.

This option is only available if the infected file can be repaired.


The file is renamed with a *.vir extension. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can be repaired and given their original name at a later time.


The file is packaged into a special format (*.qua) and moved to the Quarantine directory INFECTED on your hard disk, so that direct access is no longer possible. Files in this directory can be repaired in Quarantine at a later data or, if necessary, sent to Avira.


The file will be deleted. If a boot sector virus is detected, this can be deleted by deleting the boot sector. A new boot sector is written.


No further action is taken. The infected file remains active on your computer.

This could result in loss of data and damage to the operating system! Only select the Ignore option in exceptional cases.

Always ignore

Action option for Real-Time Protection detections: No further action is taken by Real-Time Protection. Access to the file is permitted. All further access to this file is permitted and no further notifications will be provided until the computer is restarted or the virus definition file is updated.

Copy to quarantine

Action option for a rootkits detection: The detection is copied to quarantine.

Repair boot sector | Download repair tool

Action options when infected boot sectors are detected: A number of options are available for repairing infected diskette drives. If your Avira product is unable to perform the repair, you can download a special tool for detecting and removing boot sector viruses.

If you carry out actions on running processes, the processes in question are terminated before the actions are performed.

The website requested from the web server and/or any data or files transferred are moved to quarantine. The affected file can be recovered from quarantine manager if it has an informative value or – if necessary – sent to the Avira Malware Research Center.

Reacting to detected viruses and malware