One of the possible response actions when a threat is detected is to quarantine the file.
Quarantine is a special local repository on a device with an EPP application that supports Kaspersky Endpoint Detection and Response Optimum functionality. It is intended for storing files that are probably infected by viruses or cannot be disinfected when detected. Quarantined files are stored on the protected device in an encrypted form and therefore do not compromise its security.
You can quarantine a file manually or configure automatic quarantining of a file as a result of alert response actions.
For details on Quarantine, refer to the Kaspersky Endpoint Security for Windows Help, Kaspersky Endpoint Security for Mac Help, and Kaspersky Endpoint Security for Linux Help. You can also quarantine a file from the alert details window.
This functionality is supported by Kaspersky Endpoint Security for Linux 12.2 or later.
If Kaspersky Endpoint Security for Windows 11.10.0 or later or Kaspersky Endpoint Security for Mac 12.1 or later is installed on the organization's computers, this response action is not available for System Critical Objects (SCOs). SCOs include files required for the operation of the operating system and Kaspersky Endpoint Security.
In Kaspersky Endpoint Security for Mac 12.2 or later, this response action is available even if the file is an SCO. We recommend that you use this functionality with caution. By default, this response action is disabled for SCOs, as in the previous versions of Kaspersky Endpoint Security for Mac.