Configuring quarantine settings and restoration of objects from quarantine

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To configure quarantine settings:

  1. In the main Kaspersky Security Center Web Console window select DevicesPolicies and profiles.
  2. Select the policy you want to configure.
  3. In the <Policy name> window that opens, select the Application settings tab.
  4. In the Repositories section, select the Quarantine subsection.
  5. In the Quarantine settings section configure the quarantine settings:
    1. In the Quarantine folder field, enter the path to where you want to create the Quarantine folder on the devices or click Browse and select the path.

      The default path is %SOYUZAPPDATA%\Quarantine\. The Quarantine folder is created on all devices with Kaspersky Endpoint Agent at the following path: %ALLUSERSPROFILE%\Kaspersky Lab\Endpoint Agent\4.0.

      The value of the %ALLUSERSPROFILE% variable depends on the operating system of the device where Kaspersky Endpoint Agent is installed.

      Example:

      If the device has the Windows 7 operating system installed and Kaspersky Endpoint Agent is installed on drive C, the path to the Quarantine folder will be:

      C:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Quarantine

    2. To configure the maximum quarantine size, select the Maximum Quarantine size (MB) check box and specify the quarantine maximum size in megabytes, or select it from the list.

      For example, you can set the maximum quarantine size to 200 MB.

      When the maximum quarantine size is reached, Kaspersky Endpoint Agent will publish the corresponding event on Kaspersky Security Center server and in the Windows Event Log, but will not stop quarantining new objects.

    3. To specify the quarantine threshold (the space in quarantine remaining until the maximum quarantine size is reached), select the Available space threshold (MB) check box.

      For example, you can set the quarantine threshold value to 50 MB.

      When the quarantine threshold is reached, Kaspersky Endpoint Agent will publish the corresponding event on the Kaspersky Security Center server and in the Windows Event Log, but will not stop quarantining new objects.

  6. In the Restoring objects from Quarantine section, in the Target folder for restored objects field, specify the path to create the folder for objects restored from quarantine.

    The default path is %SOYUZAPPDATA%\Restored\. The Restored folder is created on all devices with Kaspersky Endpoint Agent at the following path: %ALLUSERSPROFILE%\Kaspersky Lab\Endpoint Agent\4.0.

    The value of the %ALLUSERSPROFILE% variable depends on the operating system of the device where Kaspersky Endpoint Agent is installed.

    Example:

    If the device has the Windows 7 operating system installed and Kaspersky Endpoint Agent is installed on drive C, the path to the folder with the objects restored from quarantine will be:

    C:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Restored

  7. If you configure the policy settings, in the upper right corner of the group of settings, change the switch from Undefined to Enforce.
  8. Click Apply and OK.

The quarantine settings and the folder for restoring objects from quarantine have been configured.

See also

About Kaspersky Endpoint Agent quarantine

About quarantine management in Kaspersky Endpoint Agent

Configuring data synchronization with the Administration Server

Configuring creation of the threat development chain

Page top