When reacting to threats, Kaspersky Endpoint Detection and Response Optimum can create Move file to Quarantine tasks. Quarantine is a special local storage on the computer to which files infected by viruses or files that cannot be disinfected are moved. Quarantined files are stored in an encrypted state and do not threaten the security of the device. Kaspersky Endpoint Security uses Quarantine only when working with the Kaspersky Sandbox and Kaspersky Endpoint Detection and Response solutions. In other cases, Kaspersky Endpoint Security places the relevant file in Backup. For details on managing Quarantine as part of these solutions, refer to the Kaspersky Sandbox Help, Kaspersky Endpoint Detection and Response Optimum Help, and Kaspersky Endpoint Detection and Response Expert Help.
You can create Move file to Quarantine tasks in the following ways:
Alert Details is a tool for viewing the entirety of collected information about a detected threat. Alert details include, for example, the history of files appearing on the computer. For details about managing alert details, refer to the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help.
You must enter the file path or hash (SHA256 or MD5), or both the file path and the file hash.
The file size must not exceed 100 MB.
You can configure the task for EDR Optimum in Web Console and Cloud Console. Task settings for EDR Expert are available only in Cloud Console.
To create a Move file to Quarantine task:
The list of tasks opens.
The Task Wizard starts.
By default, Kaspersky Endpoint Security starts the task as the system user account (SYSTEM).
A new task will be displayed in the list of tasks.
The task properties window opens.
The file adding wizard starts.
If the file is located on a network drive, enter the file path starting with \\, and not the drive letter. For example, \\server\shared_folder\file.exe. If the file path contains a network drive letter, you can get a File not found error.
As a result, Kaspersky Endpoint Security moves the file to Quarantine. If the file is locked by a different process, the task is displayed as Completed, but the file itself is quarantined only after the computer is restarted. After restarting the computer, confirm that the file is deleted.
The Move file to Quarantine task can finish with the Access denied error if you are trying to quarantine an executable file that is currently running. Create a terminate process task for the file and try again.
The Move file to Quarantine task can fail with the Not enough space in Quarantine storage error if you are trying to quarantine a file that is too large. Empty the Quarantine or make Quarantine larger. Then try again.
You can restore a file from Quarantine or empty the Quarantine using Web Console. You can restore objects locally on the computer using the command line.
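The input rules stated above (a path, a SHA256 or MD5 hash, or both; the 100 MB limit; the \\ form for files on network drives) can be checked before the task is created. The following is an added example, not Kaspersky code: the function names, the `mapped_letters` parameter and the reading of 100 MB as 100 * 1024 * 1024 bytes are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: "100 MB" is read as 100 * 1024 * 1024 bytes; the page gives no byte count.
MAX_SIZE_BYTES = 100 * 1024 * 1024
HASH_LENGTHS = {64: "SHA256", 32: "MD5"}  # hex digits -> hash type the task accepts


def classify_hash(value):
    """Return 'SHA256' or 'MD5' for a well-formed hex digest, otherwise None."""
    value = value.strip()
    if re.fullmatch(r"[0-9a-fA-F]+", value):
        return HASH_LENGTHS.get(len(value))
    return None


def precheck(path=None, file_hash=None, size_bytes=None, mapped_letters=()):
    """Return a list of problems; an empty list means the input fits the stated rules.

    mapped_letters: drive letters known to be network drives on the target
    (hypothetical input supplied by the operator, e.g. ("Z",)).
    """
    problems = []
    if not path and not file_hash:
        problems.append("enter a file path, a hash, or both")
    if file_hash and classify_hash(file_hash) is None:
        problems.append("hash is not a SHA256 or MD5 hex digest")
    if path:
        drive = PureWindowsPath(path).drive  # "Z:" or "\\server\share"
        letters = {letter.upper() for letter in mapped_letters}
        if drive.endswith(":") and drive[0].upper() in letters:
            problems.append(r"network drive letter: use the \\server\shared_folder form")
    if size_bytes is not None and size_bytes > MAX_SIZE_BYTES:
        problems.append("file exceeds 100 MB")
    return problems


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real alert.
    samples = [
        {"path": r"Z:\tools\file.exe", "mapped_letters": ("Z",)},
        {"path": r"\\server\shared_folder\file.exe", "file_hash": "ab" * 32},
        {"file_hash": "not-a-hash", "size_bytes": 200 * 1024 * 1024},
    ]
    for sample in samples:
        print(sample, "->", precheck(**sample) or "ok")
```

A drive letter cannot be identified as a network drive from the string alone, which is why the check takes the known mapped letters as input.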