Viewing information about quarantine settings and quarantined objects

To view information about the quarantine settings and quarantined objects using the command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, you can type the following command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --quarantine=show [--pwd=<current user password>], to view a list of quarantined objects.

   The following information will be displayed on all objects in the Quarantine folder on the devices (the Quarantine folder is specified when quarantine settings are configured):

   • Identifiers of objects quarantined by the current moment (ouid parameter).
   • Names of quarantined objects (name + extension).
   • Date and time when the object was quarantined (UTC).
   • Original path to the quarantined file and default path for restoring the quarantined file (without file name).
   • Size of quarantined file (in bytes).
   • User account whose permissions were used to run the task for quarantining the file.
   • Object status:
     • DETECT if the file was quarantined by EPP or while performing actions in response to a threat detected by Kaspersky Sandbox. For example, as a result of the Quarantine and delete local action or the Quarantine and delete when IOC is found global action.
     • CUSTOM if the file was quarantined manually, as a result of the --quarantine=add command execution.
   • The way the file was quarantined:
     • AUTOMATIC_<name of the application that detected a threat in the quarantined file>, if the file was quarantined by EPP or while performing actions in response to a threat detected by Kaspersky Sandbox. For example, as a result of the Quarantine and delete local action or the Quarantine and delete when IOC is found global action.
     • BY USER if the file was quarantined manually, as a result of the --quarantine=add command execution.
   • agent.exe --quarantine=limits, to view the current values of the Maximum Quarantine size (MB) and Available space threshold (MB) settings, as well as the statuses of applying these settings (check box statuses) specified when configuring the quarantine.

Return codes of the --quarantine command:

• -1 – command is not supported.
• 0 – command successfully executed.
• 1 – required argument is not passed to the command.
• 2 – general error.
• 4 – syntax error.

See also Managing Kaspersky Endpoint Agent activation Running Kaspersky Endpoint Agent database and module update Actions on quarantined objects Starting, stopping and viewing the current application status Protecting the application with password Protecting application services with PPL technology Managing self-defense settings Managing network isolation Managing Standard IOC Scan tasks Managing Execution prevention Managing event filtering Configuring tracing Configuring creation of dump files

Page top