This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To view information about the quarantine settings and quarantined objects using the command line interface:
cd command, navigate to the folder where the Agent.exe file is located.For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.
agent.exe --quarantine=show [--pwd=<current user password>]shows a list of quarantined objects.The following information will be displayed for all objects in the Quarantine folder on devices (the Quarantine folder is specified when quarantine settings are configured):
ouid parameter).DETECT if the file was quarantined by EPP or while performing actions in response to a threat detected by Kaspersky Sandbox. For example, as a result of the Quarantine and delete local action or the Quarantine and delete when IOC is found global action.CUSTOM if the file was quarantined manually as a result of execution of the --quarantine=add command.AUTOMATIC_<name of the application that detected a threat in the quarantined file>, if the file was quarantined by EPP or as part of the response to a threat detected by Kaspersky Sandbox. For example, as a result of the Quarantine and delete local action or the Quarantine and delete when IOC is found global action.BY USER if the file was quarantined manually as a result of execution of the --quarantine=add command.agent.exe --quarantine=limits, to view the current values of the Maximum Quarantine size (MB) and Threshold value for space available (MB) settings, as well as the statuses of applying these settings (check box statuses) specified when configuring the quarantine.Return codes of the --quarantine command: