Viewing information about quarantine settings and quarantined objects

To view information about the quarantine settings and quarantined objects using the command line interface:

1. On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
2. Using the cd command, navigate to the folder where the Agent.exe file is located.

   For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.

3. Enter one of the following commands and press ENTER:
   • agent.exe --quarantine=show [--pwd=<current user password>]shows a list of quarantined objects.

   The following information will be displayed for all objects in the Quarantine folder on devices (the Quarantine folder is specified when quarantine settings are configured):

   • Identifiers of objects quarantined so far (ouid parameter).
   • Names of quarantined objects (name + extension).
   • Date and time when the object was quarantined (UTC).
   • Original path to the quarantined file and default path for restoring the quarantined file (without file name).
   • Size of quarantined file (in bytes).
   • Account of the user whose permissions were used to run the task to quarantine the file.
   • Object status:
     • DETECT if the file was quarantined by EPP or while performing actions in response to a threat detected by Kaspersky Sandbox. For example, as a result of the Quarantine and delete local action or the Quarantine and delete when IOC is found global action.
     • CUSTOM if the file was quarantined manually as a result of execution of the --quarantine=add command.
   • The way the file was quarantined:
     • AUTOMATIC_<name of the application that detected a threat in the quarantined file>, if the file was quarantined by EPP or as part of the response to a threat detected by Kaspersky Sandbox. For example, as a result of the Quarantine and delete local action or the Quarantine and delete when IOC is found global action.
     • BY USER if the file was quarantined manually as a result of execution of the --quarantine=add command.
   • agent.exe --quarantine=limits shows the current values of the Maximum Quarantine size (MB) and Available space threshold (MB) settings, as well as the statuses of applying these settings (check box statuses) specified when the quarantine was configured.

Return codes of the --quarantine command:

• -1 – command is not supported.
• 0 – command successfully executed.
• 1 – required argument is not passed to the command.
• 2 – general error.
• 4 – syntax error.