Viewing information about Quarantine options and quarantined objects

To use the command line interface to view information about Quarantine options and objects quarantined by the Kaspersky Endpoint Agent application:

1. On the workstation, run the command line interpreter (for example, Command Prompt cmd.exe) under the local administrator user account.
2. Use the cd command to change to the directory where the agent.exe file is located.

   For example, you can type cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --quarantine=show [--pwd=<current user password>] if you want to view the list of quarantined objects.

   The following information is displayed about all quarantined objects on workstations in the quarantine folder specified in Quarantine options:

   • IDs of objects that are quarantined as of now (ouid).
   • Names of quarantined objects (name + extension).
   • Date and time when the object was quarantined (UTC).
   • Original path to the quarantined file / default restoration path for the quarantined file (without file name).
   • Size of the quarantined file (in bytes).
   • User account under which the task was performed to quarantine the file.
   • Status of the object:
     • DETECT if the file was quarantined by the EPP application (Kaspersky Endpoint Security for Windows) or as part of Threat Response actions for a threat detected by Kaspersky Sandbox. For example, local Quarantine and delete action or global Quarantine and delete after IOC is found action.
     • CUSTOM if the file was quarantined manually using the -quarantine=add command.
   • Method that was used to quarantine the file:
     • AUTOMATIC_<name of the application that had discovered the threat in the quarantined file> if the file was quarantined by the EPP application or as part of Threat Response actions for a threat detected by Kaspersky Sandbox. For example, local Quarantine and delete action or global Quarantine and delete after IOC is found action.
     • BY USER if the file was quarantined manually using the -quarantine=add command.
   • agent.exe --quarantine=limits if you want to view current values of Maximum Quarantine size (MB) and Threshold value for space available (MB) settings set during configuring Quarantine settings.

     Values of size_limit and free_space_threshold settings are displayed.

Return codes of the --quarantine command:

• -1 – command not supported.
• 0 – command executed successfully.
• 1 – mandatory argument missing.
• 2 – general error.
• 4 – syntax error.

See also Configuring tracing Configuring dump creation Actions with quarantined objects Managing Kaspersky Sandbox integration options Running Kaspersky Endpoint Agent database update Running, stopping, and viewing the current state of the application Password protecting the application Securing services of the application using the PPL technology

Page top