Items that are detected as threats, are cleaned or deleted. Plus, a copy of the item is converted
to a non-executable format and saved in the Quarantine folder. This allows you to perform
processes on the quarantined items after downloading a later version of the DAT, that possibly
contains information that can clean the threat.
These additional processes include:
• Check for false positive.
• View detection properties.
NOTE: Quarantined items can include multiple types of scanned objects. These objects include
files, cookies, registries, or anything VirusScan Enterprise scans for malware."
Also, with the right tools, one can extract the individual files in the Quarantine folder for submission to VirusTotal or McAfee, for further analysis.
There have been times when 'False Positives' have occurred on critical OS or application files. By leaving them in the Quarantine folder for some 'time' allows for a more graceful recovery should the false positive files need to be recovered.
Hope this helps,