Managing objects in Storage and Quarantine

Users with the Senior security officer or Security officer roles can place copies of objects that they want to scan into Storage, which is located on the Central Node server.

You can manage objects in Storage as follows: delete, download, upload, and send objects to be scanned, and filter lists of objects.

Users with the Security auditor role can only view the table of objects placed in Storage, information about objects manually uploaded to Storage, and information about a task, as well as download selected objects.

Kaspersky Anti Targeted Attack Platform displays the objects in Storage as a table of objects.

If you are using the distributed solution and multitenancy mode, Backup is located on PCN and SCN servers. The web-interface of the PCN server displays information about Storage of all connected SCNs for organizations, which the user is allowed to access.

Users with the Senior security officer role can place copies of objects into Storage using the Get file task or by manually uploading the object to Storage on the PCN or SCN server which is used to manage organizations whose data the user is allowed to gain access to.

Users with the Security officer role can only work with files received as part of tasks that the same user created on the PCN or SCN server which is used to manage organizations that the user is allowed to access.

If you consider an object threatening, you can quarantine it on the computer with the Kaspersky Endpoint Agent program. Metadata of the quarantined object are displayed in the Storage section, Quarantine subsection of the Kaspersky Anti Targeted Attack Platform web interface.

Quarantine on computers with Kaspersky Endpoint Agent is a designated storage location on each computer on which the threatening object is detected. Objects that are probably infected by viruses or cannot be disinfected at the time of detection are quarantined. Quarantined objects are stored in encrypted form and do not threaten the security of the computer.

When an object is quarantined on a Kaspersky Endpoint Agent computer, it is moved rather than copied: the object is deleted from the directory where it was detected and placed in the quarantine directory that is specified in Kaspersky Endpoint Agent settings.

Quarantine on a Kaspersky Anti Targeted Attack Platform server is an area of Storage of the server part of the Kaspersky Anti Targeted Attack Platform solution, which is used for storing metadata of objects quarantined on Kaspersky Endpoint Agent computer, in the Storage section, Quarantine subsection of the web interface of Kaspersky Anti Targeted Attack Platform.

You can manage quarantined objects: restore objects from quarantine and upload copies of objects quarantined on Kaspersky Endpoint Agent computers to Storage of Kaspersky Anti Targeted Attack Platform.

Kaspersky Anti Targeted Attack Platform displays the information about quarantined objects as a table.

The default maximum Storage space is 10 GB. As soon as this threshold value is exceeded, the program starts to remove the oldest copies of objects from Storage. When the amount of occupied space is again below the threshold value, the program stops removing copies of objects from Storage.

The actual size of the object can be greater than the apparent size of the object due to the metadata required to restore the object from Quarantine. When an object is quarantined, its actual size is considered. Encrypted files may be sent in decrypted form (depending on encryption settings), compressed files are sent as-is.

In this Help section

Viewing the table of objects that were placed in Storage

Viewing information about an object manually placed in Storage

Viewing information about an object placed in Storage by a task

Viewing information about an object with a list of files, processes

Downloading objects from Storage

Uploading objects to Storage

Sending objects in Storage for scanning

Deleting objects from Storage

Filtering objects in Storage by object type

Filtering objects in Storage by object description

Filtering objects in Storage based on scan results

Filtering objects in Storage based on the name of Central Node, PCN, or SCN server

Filtering objects in Storage by object source

Filtering objects based on the time they were placed in Storage

Clearing a Storage objects filter

Viewing the table of objects quarantined on computers with Kaspersky Endpoint Agent

Viewing information about a quarantined object

Restoring an object from Quarantine

Obtaining a copy of a quarantined object on a Kaspersky Anti Targeted Attack Platform server

Removing information about the quarantined object from the table

Filtering information about quarantined objects by object description

Filtering information about quarantined objects by host name

Filtering information about quarantined objects by time

Resetting the filter for information about quarantined objects

Page top