Skip to main content

PARTNERS

Quarantine

The quarantine is an encrypted folder that contains potentially malicious files, such as malware-suspected, malware-infected or other unwanted files. When a virus or other form of malware is in quarantine, it cannot do any harm because it cannot be executed or read.

GravityZone moves files to quarantine according to the policies assigned to endpoints. By default, files that cannot be disinfected are quarantined.

The quarantine is saved locally on each endpoint.

By default, quarantined files are automatically sent to Bitdefender Labs to be analyzed by the Bitdefender malware researchers. If malware presence is confirmed, a signature is released to allow removing the malware. In addition, quarantined files are scanned after each malware signature update. Cleaned files are automatically moved back to their original location. These features are relative to each security policy on the Policies page and you can choose whether to keep or deactivate them. For more information, refer to Quarantine.

Important

  • Quarantine is not available for mobile devices.

  • Availability and functioning of this feature may differ depending on the license included in your current plan.

Exploring the Quarantine page

The Quarantine page provides detailed information regarding the quarantined files from all endpoints you manage. For more information about the quarantined items detected on Exchange mail servers, refer to Exchange Protection.

quarantine_page_cp_89885_en.PNG

The Computers and Virtual Machines quarantine page contains information about items detected directly in the endpoints file system.

Information about quarantined files is displayed in a table. Depending on the number of managed endpoints and the infection degree, the Quarantine table can include a large number of entries. The table can span several pages (by default, only 20 entries are displayed per page).

To move through the pages, use the navigation buttons at the bottom of the table. To change the number of entries displayed on a page, select an option from the menu next to the navigation buttons.

For better visibility of the data you are interested in you can use the available filters. For example, you can search for a specific threat detected in the network by typing the threat name in the search bar of the filter. You can also click the column headers to sort data by a specific column.

To view quarantined files from all the companies you directly manage or from all companies to which you have access use the specific entries under the Company filter: All directly managed and All recursively.

To manage the Quarantine page, use the options available on the upper right side. You can reset filters to default values or hide them completely, adjust columns, reset, refresh, or adjust the grid to a compact view.

The quarantine table provides you with the following information:

  • The name of endpoint the threat was detected on.

  • The company where the endpoint is located.

  • IP of the endpoint the threat was detected on.

  • Path to the infected or suspicious file on the endpoint it was detected on.

  • Name given to the malware threat by the Bitdefender security researchers.

  • The date and time when the file was quarantined.

  • The status of the action requested to be taken on the quarantined file.

To make sure the latest information is being displayed, click the refresh_portlet.png Refresh button on the lower right side of the table. This may be needed when you spend more time on the page.

Managing the quarantined files

The behavior of the quarantine is different for each environment:

  • Security for Endpoints stores the quarantined files on each managed computer. Using Control Center you have the option to either delete or restore specific quarantined files.

  • Security for Virtualized Environments (Multi-platform) stores the quarantined files on each managed virtual machine. Using Control Center you have the option to either delete or restore specific quarantined files.

Restoring quarantined files

On particular occasions, you may need to restore quarantined files, either to their original location or to an alternate location. One such situation is when you want to recover important files stored in an infected archive that has been quarantined.

Note

Restoring quarantined files is only possible in environments protected by Security for Endpoints and Security for Virtualized Environments (Multi-Platform).

To restore one or more quarantined files:

  1. Go to the Quarantine page.

  2. Choose Computers and VMs.

  3. Select the check boxes corresponding to the quarantined files you want to restore. Quarantined files located inside archives can only be restored to a custom location.

  4. Click the Restore button on the upper side of the table.

  5. Choose the location where you want the selected files to be restored (either the original or a custom location on the target computer).

    If you choose to restore to a custom location, you must enter the absolute path in the corresponding field.

  6. Click Save. You can notice the pending status in the Action status column.

    The requested action is sent to the target endpoints immediately or as soon as they get back online. You can view details regarding the action status in the Tasks page. Once a file is restored, the corresponding entry will disappear from the Quarantine table.

Adding exclusions for quarantined files

To exclude a quarantined file:

  1. Go to the Quarantine page.

  2. Choose Computers and VMs.

  3. Select the checkbox corresponding to the quarantined file you want to exclude.

  4. Click the Add exclusions button on the upper side of the table and confirm your action. The exclusion is automatically created and displayed in the Exclusions list from the Configuration Profiles page.

Automatic deletion of quarantined Files

By default, quarantined files older than 30 days are automatically deleted. This setting can be changed by editing the policy assigned to the managed endpoints.

To change the automatic deletion interval for quarantined files:

  1. Go to the Policies page.

  2. Find the policy assigned to the endpoints on which you want to change the setting and click its name.

  3. Go to the Antimalware > Settings page.

  4. In the Quarantine section, select the number of days after which files are being deleted.

  5. Click Save to apply changes.

Manual deletion of quarantined files

If you want to manually delete quarantined files, you should first make sure the files you choose to delete are not needed.

A file may actually be the malware itself. If your research leads you to such a situation, you can search the quarantine for the specific threat and delete it from the quarantine.

To delete one or more quarantined files:

  1. Go to the Quarantine page.

  2. Select Computers and VMs.

  3. Select the check boxes corresponding to the quarantined files you want to delete.

  4. Click the Actions button at the upper side of the table and select Delete. Click Yes to confirm your action.

    You can notice the pending status in the Action status column.

    The requested action is sent to the target network objects immediately or as soon as they get back online. Once a file is deleted, the corresponding entry will disappear from the Quarantine table.

Emptying the Quarantine

To delete all the quarantined objects:

  1. Go to the Quarantine page.

  2. Select Computers and VMs.

  3. Click the Actions button and select Empty Quarantine.

    In the confirmation window, select the option Include sub-companies quarantine to also delete the quarantined objects for your child companies, and click Delete.

    All the entries from the Quarantine table are cleared. The requested action is sent to the target network objects immediately or as soon as they get back online.