One of the actions Kaspersky Endpoint Security can perform to respond to threats detected by Kaspersky Sandbox is sending the threatening objects to Quarantine.
Quarantine is a special repository for storing files that are probably infected with viruses and files that cannot be disinfected at the time when they are detected. Files in Quarantine are stored in encrypted form and do not pose a security threat to the workstation.
Kaspersky Security Center generates a common list of objects on workstations quarantined by Kaspersky Endpoint Security. Network Agents on workstations submit information about files in Quarantine to the Administration Server. You can use the Web Console to view properties of objects in Quarantine on workstations, delete objects in Quarantine, and restore objects from Quarantine.
Web Console does not copy files from Quarantine to Administration Server. All objects are kept on workstations where Kaspersky Endpoint Security is installed. Objects are restored from Quarantine also on workstations.
Quarantine is created under the same system user account on the workstation under which the threatening object was detected.
Quarantined objects can be deleted using the command line only under the local user account of the workstation.
To configure Kaspersky Endpoint Security Quarantine:
If the maximum size of Quarantine is reached, Kaspersky Endpoint Agent can no longer quarantine new objects until you delete some of the existing objects.
For example, you can set the maximum Quarantine size to 200 MB.
If the threshold value of Quarantine is reached, Kaspersky Endpoint Agent can no longer quarantine new objects until you delete some of the existing objects.
For example, you can set the threshold value of Quarantine to 50 MB.
The default path is
%SOYUZAPPDATA%\Restored\. The Restored folder is created on all workstations with Kaspersky Endpoint Agent in the
%ALLUSERSPROFILE%\Kaspersky Lab\Endpoint Agent\4.0 folder.
Values of the
%ALLUSERSPROFILE% variable depend on the operating system of the workstation where the Kaspersky Endpoint Agent application is installed.
If the workstation has the Windows 7 operating system installed and the Kaspersky Endpoint Agent application is installed on drive C, the path to the Quarantine folder will be:
Settings of Quarantine and restoring objects from Quarantine are configured.