Exchange servers quarantine

The Exchange quarantine contains emails and attachments. The Antimalware module quarantines email attachments, whereas Antispam, Content and Attachment Filtering quarantine the whole email.

Note

The quarantine for Exchange Servers requires additional hard-disk space on the partition where the security agent is installed. The quarantine size depends on the number of items stored and their size.

Viewing the quarantine details

The Quarantine page offers you detailed information about the quarantined objects from all Exchange Servers within your organization. The information is available in the Quarantine table and in the details window of each object.

The Quarantine table provides you with the following information:

  • Subject - The subject of the quarantined email.

  • Sender - The sender's email address as it appears in the email header field From.

  • Recipients - The list of recipients as they appear in the email header fields To and Cc.

  • Real recipients - The list of individual users' email addresses to which the email was intended to be delivered before being quarantined.

  • Status - The object's status after it was scanned. The status shows if an email is marked as spam or contains unwanted content, or if an attachment is malware infected, suspected of being infected, unwanted or unscannable.

  • Malware name - Name given to the malware threat by the Bitdefender security researchers.

  • Server name - The hostname of the server on which the threat was detected.

  • Quarantined on - Date and time when the object was quarantined.

  • Action status - The status of the action taken on the quarantined object. This way you can quickly see whether an action is still pending or has failed.

Note

  • The columns Real recipients, Malware name and Server name are hidden in the default view.

  • When several attachments from the same email get quarantined, the Quarantine table shows a separate entry for each attachment.

To customize the quarantine details displayed in the table:

  1. Click the Columns button at the right side of the table header.

  2. Select the columns you want to view.

    To return to the default columns view, click the Reset button.

You can obtain more information by clicking the Subject link corresponding to each object. The Object Details window is displayed, providing you with the following information:

  • Quarantined object - The type of quarantined object, which can be either email or attachment.

  • Quarantined on - Date and time when the object was quarantined.

  • Status - The object's status after it was scanned. The status shows if an email is marked as spam or contains unwanted content, or if an attachment is malware infected, suspected of being infected, unwanted or unscannable.

  • Attachment name - The filename of the attachment detected by the Antimalware or Attachment Filtering modules.

  • Malware name - Name given to the malware threat by the Bitdefender security researchers. This information is available only if the object was infected.

  • Detection point - An object is detected either at the transport level, or in a mailbox or public folder from the Exchange Store.

  • Rule matched - The policy rule that the threat matched with.

  • Server - The hostname of the server on which the threat was detected.

  • Sender IP - Sender's IP address.

  • Sender (From) - The sender's email address as it appears in the email header field From.

  • Recipients - The list of recipients as they appear in the email header fields To and Cc.

  • Real recipients - The list of individual users' email addresses to which the email was intended to be delivered before being quarantined.

  • Subject - The subject of the quarantined email.

Note

The ellipsis mark at the end of the text indicates that a part of the text is omitted. In this case, move the mouse over the text to view it in a tooltip.

Quarantined objects

Emails and files quarantined by the Exchange Protection module are stored locally on the server as encrypted files. Using Control Center you have the option to restore quarantined emails, as well as delete or save any quarantined files or emails.

Restoring Quarantined Emails

If you decide a quarantined email does not represent a threat, you can release it from the quarantine. Using Exchange Web Services, Exchange Protection sends the quarantined email to its intended recipients as an attachment to a Bitdefender notification email.

Note

You can restore only emails. To recover a quarantined attachment, you must save it to a local folder on the Exchange server.

To restore one or several emails:

  1. Go to the Quarantine page.

  2. Choose Exchange from the views selector available at the upper side of the page.

  3. Select the check boxes corresponding to the emails you want to restore.

  4. Click the Restore button at the upper side of the table. The Restore credentials window will appear.

  5. Select the credentials of an Exchange user authorized to send the emails to be restored. If the credentials you intend to use are new, you have to add them to the Credentials Manager first.

    To add the required credentials:

    1. Enter the required information in the corresponding fields from the table header:

      • The username and password of the Exchange user.

        Note

        The username must include the domain name, as in user@domain or domain\user.

      • The email address of the Exchange user, necessary only when the email address is different from the username.

      • The Exchange Web Services (EWS) URL, necessary when Exchange Autodiscovery does not work. This is usually the case with Edge Transport servers in a DMZ.

    2. Click the Add button at the right side of the table. The new set of credentials is added to the table.

  6. Click the Restore button. A confirmation message will appear.

    The requested action is sent to the target servers immediately. Once an email is restored, it is also deleted from quarantine, so the corresponding entry will disappear from the Quarantine table.

    You can check the status of the restore action in any of these places:

    • Action status column of the Quarantine table.

    • Network > Tasks page.

Saving Quarantined Files

If you want to examine or recover data from quarantined files, you can save the files to a local folder on the Exchange Server. Bitdefender Endpoint Security Tools decrypts the files and saves them to the specified location.

To save one or several quarantined files:

  1. Go to the Quarantine page.

  2. Choose Exchange from the views selector available at the upper side of the page.

  3. Filter the table data to view all files you want to save, by entering the search terms in the column header fields.

  4. Select the check boxes corresponding to the quarantined files you want to restore.

  5. Click the Save button at the upper side of the table.

  6. Enter the path to the destination folder on the Exchange Server. If the folder does not exist on the server, it will be created.

    Important

    You must exclude this folder from file system level scanning, otherwise the files will be moved to the Computers and Virtual Machines Quarantine. For more information, refer to Exclusions.

  7. Click Save. A confirmation message will appear.

    You can see the pending status in the Action status column. You can also view the action status in the Network > Tasks page.
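
Because the saved files are decrypted copies of detected objects, it helps to lock down the destination folder before step 6 and to record what was saved. The following PowerShell script is an added example, not Bitdefender code: the path `D:\QuarantineExport` is a placeholder, and it assumes the security agent writes the files as the local SYSTEM account.

```powershell
# Added example (not part of the product). Run elevated on the Exchange Server.
# Assumptions: $SaveFolder is a placeholder path; the security agent runs as SYSTEM.
param(
    [string]$SaveFolder = 'D:\QuarantineExport'
)

# 1. Pre-create the folder so its permissions are restricted before any
#    decrypted file is written to it.
if (-not (Test-Path -LiteralPath $SaveFolder)) {
    New-Item -ItemType Directory -Path $SaveFolder | Out-Null
}

# 2. Stop inheriting permissions from the parent and grant access only to
#    SYSTEM (S-1-5-18) and the local Administrators group (S-1-5-32-544).
$acl = Get-Acl -LiteralPath $SaveFolder
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, discard inherited entries
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
    $identity = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $SaveFolder -AclObject $acl

# 3. The scanning exclusion for this folder is configured in the policy
#    (see the Important note above); this script does not change it.

# 4. After the Save task shows as finished, list what was written and record
#    a SHA-256 hash per file. The files are only read, never opened or executed.
Get-ChildItem -LiteralPath $SaveFolder -File -Recurse | ForEach-Object {
    [pscustomobject]@{
        Name     = $_.Name
        Bytes    = $_.Length
        SavedUtc = $_.LastWriteTimeUtc
        SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}
```

Run the script once before the Save action to prepare the folder, and again after the task completes to produce the inventory.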

Automatic Deletion of Quarantined Files

By default, quarantined files older than days are automatically deleted. You can change this setting by editing the policy assigned to the managed Exchange Server.

To change the automatic deletion interval for quarantined files:

  1. Go to the Policies page.

  2. Click the name of the policy assigned to the Exchange Server you are interested in.

  3. Go to the Exchange Protection > General page.

  4. In the Settings section, select the number of days after which files are deleted.

  5. Click Save to apply changes.

Manual Deletion of Quarantined Files

To delete one or more quarantined objects:

  1. Go to the Quarantine page.

  2. Select Exchange from the views selector.

  3. Select the check boxes corresponding to the files you want to delete.

  4. Click the Delete button at the upper side of the table. Click Yes to confirm your action.

    You can see the pending status in the Action status column.

    The requested action is sent to the target servers immediately. Once a file is deleted, the corresponding entry will disappear from the Quarantine table.

Emptying the Quarantine

To delete all the quarantined objects:

  1. Go to the Quarantine page.

  2. Select Exchange from the views selector.

  3. Click the Empty Quarantine button.

    Click Yes to confirm your action.

All the entries from the Quarantine table are cleared. The requested action is sent to the target network objects immediately.