If nothing is quarantined, is Cerberus doing its job?

The answer is a resounding yes. Very few processes, if any, will be quarantined. Quarantine only occurs when the illegitimate activity cannot be stopped by other means.

When Cerberus first detects suspicious communications to the outside, it suppresses the stream of communications. While the suspect's activity is suppressed, Cerberus analyzes the process and what it is doing. If the process stops its attempts, Cerberus will slowly relax its suppression. This is similar to giving a prisoner a few more privileges for good behavior, but only as long as that good behavior continues. If at any time the process resumes its behavior, Cerberus will suppress it again so it cannot do damage. If the process transforms its identity (for example, it mutates) and resumes its illegitimate activity, Cerberus will suppress it once again. Cerberus can do this because it does not rely on signatures. Cerberus is designed for zero-day and self-mutating malware. This cycle is repeated, and Cerberus never tires of its diligent watch.

In most cases of spyware, adware, worms and self-propagating viruses, Cerberus’ suppression of activity allows the malware’s program to complete harmlessly, rendering it useless from then on. Malware that is gathering marketing data will typically make only a few attempts before giving up. Most sites do not send further requests for this data if their first request is not answered. However, if the malware is incorrigible and deemed harmful, it will be quarantined and no longer permitted to communicate.
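The suppress, relax, re-suppress and quarantine cycle described in the two paragraphs above can be modeled as a small state machine. This is an added illustration, not Cerberus code: the thresholds, the `Containment` class, and the choice to key suspects on a behavior string instead of a file hash are all assumptions, and the events are constructed.

```python
from dataclasses import dataclass

# Assumed tuning values; the page gives no numbers.
FULL = 3            # highest suppression level
RELAX_AFTER = 2     # quiet intervals needed to relax one level
QUARANTINE_AT = 4   # suspicious intervals tolerated before quarantine

@dataclass
class Suspect:
    level: int = 0          # 0 = unrestricted, FULL = fully suppressed
    quiet: int = 0          # consecutive quiet intervals
    strikes: int = 0        # total suspicious intervals seen
    quarantined: bool = False

class Containment:
    def __init__(self):
        self.suspects = {}

    def observe(self, image_hash, behavior, suspicious):
        """Process one monitoring interval and return the resulting state."""
        # Keyed on behavior only: image_hash is deliberately ignored, so a
        # mutated binary that resumes the same activity inherits its history.
        s = self.suspects.setdefault(behavior, Suspect())
        if s.quarantined:
            return "quarantined"
        if suspicious:
            s.strikes += 1
            s.quiet = 0
            s.level = FULL  # any relapse restores full suppression
            if s.strikes >= QUARANTINE_AT:
                s.quarantined = True
                return "quarantined"
            return f"suppressed:{FULL}"
        s.quiet += 1
        if s.level > 0 and s.quiet >= RELAX_AFTER:
            s.level -= 1    # good behavior earns one step of relaxation
            s.quiet = 0
        return f"suppressed:{s.level}" if s.level else "released"

def replay(events):
    c = Containment()
    return [c.observe(*e) for e in events]

# Constructed sample intervals: (image hash, behavior key, suspicious?)
K = "beacon->198.51.100.7:443"
GIVES_UP = [("aa", K, True)] + [("aa", K, False)] * 6
MUTATES = [("aa", K, True), ("aa", K, False), ("aa", K, False),
           ("bb", K, True), ("bb", K, False), ("cc", K, True), ("cc", K, True)]

if __name__ == "__main__":
    print(replay(GIVES_UP))
    print(replay(MUTATES))
```

`GIVES_UP` ends released without ever being quarantined, while `MUTATES` is re-suppressed each time the hash changes and is eventually quarantined.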

It’s really as simple as that. Cerberus is doing all the work for you. It will contain suspects, analyze them and either release them or eventually quarantine them. But please make sure to read “Cerberus and Your Browser” below, which explains how to handle the rare circumstance when your browser is quarantined.