Configuring Quarantine settings and restoration of objects from Quarantine

One of the actions Kaspersky Endpoint Security can perform to respond to threats detected by Kaspersky Sandbox is sending the threatening objects to Quarantine.

Quarantine is a special repository for storing files that are probably infected with viruses and files that cannot be disinfected at the time when they are detected. Files in Quarantine are stored in encrypted form and do not pose a security threat to the workstation.

Kaspersky Security Center generates a common list of objects on workstations quarantined by Kaspersky Endpoint Security. Network Agents on workstations submit information about files in Quarantine to the Administration Server. You can use the Web Console to view properties of objects in Quarantine on workstations, delete objects in Quarantine, and restore objects from Quarantine.

Web Console does not copy files from Quarantine to Administration Server. All objects are kept on workstations where Kaspersky Endpoint Security is installed. Objects are restored from Quarantine also on workstations.

Quarantine is created under the same system user account on the workstation under which the threatening object was detected.

Quarantined objects can be deleted using the command line only under the local user account of the workstation.

To configure Kaspersky Endpoint Security Quarantine:

In the main window of Web Console, go to the Devices → Policies & profiles section.
Click the name of the Kaspersky Endpoint Security policy.
Go to the Application settings tab.
Select the General settings section.
Click Reports and Storage.
1. If you want to configure the maximum size of Quarantine, select the Maximum Quarantine size (MB) check box and type the maximum size of Quarantine in MB or select it from the list.
  If the maximum size of Quarantine is reached, Kaspersky Endpoint Agent can no longer quarantine new objects until you delete some of the existing objects.
  
  For example, you can set the maximum Quarantine size to 200 MB.
2. If you want to configure a threshold value for Quarantine (space in Quarantine remaining to maximum Quarantine size), select the Threshold value for space available (MB) check box.
  If the threshold value of Quarantine is reached, Kaspersky Endpoint Agent can no longer quarantine new objects until you delete some of the existing objects.
  
  For example, you can set the threshold value of Quarantine to 50 MB.

Under Restoring objects from Quarantine, in the Target folder for restored objects field, enter the path to where you want to create a folder for objects restored from Quarantine.

The default path is %SOYUZAPPDATA%\Restored\. The Restored folder is created on all workstations with Kaspersky Endpoint Agent in the %ALLUSERSPROFILE%\Kaspersky Lab\Endpoint Agent\4.0 folder.

Values of the %ALLUSERSPROFILE% variable depend on the operating system of the workstation where the Kaspersky Endpoint Agent application is installed.

Example:

If the workstation has the Windows 7 operating system installed and the Kaspersky Endpoint Agent application is installed on drive C, the path to the Quarantine folder will be:

C:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Restored

In the upper right corner of the settings group, move the toggle switch from Unaffected by policy to Under policy.
Click Apply and OK.

Settings of Quarantine and restoring objects from Quarantine are configured.