Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing tasks

Creating a file quarantine task

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Forum Contact support

Creating a file quarantine task

September 6, 2024

ID 247379

If you believe that an infected or probably infected file is on the computer with the Endpoint Agent component, you can isolate it by putting it into quarantine.

To create a file quarantine task:

  1. Select the Tasks section in the application web interface window.

    This opens the task table.

  2. Click Add and select Quarantine file.

    This opens the task creation window.

  3. Configure the following settings:
    1. In the File path field, enter the path to the file that you want to quarantine.
    2. In the MD5/SHA256 field, enter the MD5 or SHA256 hash of the file that you want to quarantine. This field is optional.
    3. Description is the task description. This field is optional.
    4. In the Hosts field, enter the name or IP address of the host to which you want to assign the task.

      You can specify multiple hosts.

    5. Click Add.

    The file quarantine task is created. The task runs automatically after it is created.

    As a result of the task:

    • The file is deleted from the folder of the computer where it is located and moved to the Quarantine directory on the same computer, which was specified during configuration of the application that is used as the Endpoint Agent component.
    • In the task list of the Tasks section of the application web interface, execution information about the task is displayed.
    • In the file list in the Storage section, Quarantine subsection, information about the quarantined file is displayed.

If the file has been blocked by another process, the task is displayed with the Completed status but the file is placed in Quarantine only after the host is restarted. It is recommended to check whether the task was successfully completed after the host is restarted.

The file quarantine task can finish with the Access denied error if you are trying to quarantine an executable file and it is currently running.

To solve this problem, create a process termination task for this file, and then try creating the file quarantine task again.

Users with the Security auditor role cannot create file quarantine tasks.

Users with the Security officer role do not have access to tasks.

See also

Managing tasks

Viewing the task table

Viewing information about a task

Creating a get file task

Creating a forensic collection task

Creating a registry key retrieval task

Creating an NTFS metafile retrieval task

Creating a process memory dump retrieval task

Creating a disk image retrieval task

Creating a RAM dump retrieval task

Creating a process termination task

Creating a task to scan hosts using YARA rules

Creating a service management task

Creating an application execution task

Creating a file deletion task

Creating a quarantined file recovery task

Creating a copy of a task

Deleting tasks

Filtering tasks by creation time

Filtering tasks by type

Filtering tasks by name

Filtering tasks by file name and path

Filtering tasks by description

Filtering tasks by server name

Filtering tasks based on the name of the user that created the task

Filtering tasks by processing status

Clearing a task filter

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.