Users with the Senior security officer or Security officer roles can place copies of objects that they want to scan into Storage, which is located on the Central Node server.
You can manage objects in Storage as follows: delete, download, upload, and send objects to be scanned, and filter lists of objects.
Users with the Security auditor role can only view the table of objects placed in Storage, information about objects manually uploaded to Storage, and information about a task, as well as download selected objects.
Kaspersky Anti Targeted Attack Platform displays the objects in Storage as a table of objects.
If you are using the distributed solution and multitenancy mode, Backup is located on PCN and SCN servers. The web-interface of the PCN server displays information about Storage of all connected SCNs for organizations, which the user is allowed to access.
Users with the Senior security officer role can place copies of objects into Storage using the Get file task or by manually uploading the object to Storage on the PCN or SCN server which is used to manage organizations whose data the user is allowed to gain access to.
Users with the Security officer role can only work with files received as part of tasks that the same user created on the PCN or SCN server which is used to manage organizations that the user is allowed to access.
If you consider a file threatening, you can quarantine it on the computer with the Kaspersky Endpoint Agent program. Metadata of the quarantined file are displayed in the Storage section, Quarantine subsection of the Kaspersky Anti Targeted Attack Platform web interface.
Quarantine on Kaspersky Endpoint Agent hosts is a special local storage for files that you consider unsafe. Quarantined files are stored in encrypted form and do not threaten the security of the computer.
When a file is quarantined on a Kaspersky Endpoint Agent host, it is moved rather than copied: the object is deleted from the directory where it was detected and placed in the quarantine directory that is specified in Kaspersky Endpoint Agent settings.
Quarantine on a Kaspersky Anti Targeted Attack Platform server is an area of Storage of the server part of the Kaspersky Anti Targeted Attack Platform solution, which is used for storing metadata of objects quarantined on Kaspersky Endpoint Agent computer, in the Storage section, Quarantine subsection of the web interface of Kaspersky Anti Targeted Attack Platform.
You can manage quarantined objects: restore objects from quarantine and upload copies of objects quarantined on Kaspersky Endpoint Agent computers to Storage of Kaspersky Anti Targeted Attack Platform.
Kaspersky Anti Targeted Attack Platform displays the information about quarantined objects as a table.
The default maximum Storage space is 10 GB. As soon as this threshold value is exceeded, the program starts to remove the oldest copies of objects from Storage. When the amount of occupied space is again below the threshold value, the program stops removing copies of objects from Storage.
The actual size of the object can be greater than the apparent size of the object due to the metadata required to restore the object from Quarantine. When an object is quarantined, its actual size is considered. Encrypted files may be sent in decrypted form (depending on encryption settings), compressed files are sent as-is.