Move file to Quarantine
July 2, 2024
ID 276111
When reacting to threats, Kaspersky Endpoint Detection and Response can create Move file to Quarantine tasks. This is necessary to minimize the consequences of the threat. Quarantine is a special local storage on the computer. The user can quarantine files that the user considers dangerous for the computer. Quarantined files are stored in an encrypted state and do not threaten the security of the device. Kaspersky Endpoint Security uses Backup as a file storage. For details on managing Quarantine as part of solutions, please refer to the Kaspersky Endpoint Detection and Response Optimum Help.
You can create Move file to Quarantine tasks in the following ways:
- In alert details (only for EDR Optimum).
Alert Details is a tool for viewing the entirety of collected information about a detected threat. Alert details include, for example, the history of files appearing on the computer. For details about managing alert details, refer to the Kaspersky Endpoint Detection and Response Optimum Help.
- Using the Task Wizard.
You must enter the file path or hash (SHA256 or MD5), or both the file path and the file hash.
The Move file to Quarantine task has the following limitations:
- The file size must not exceed 100 MB.
- System Critical Objects (SCO) cannot be quarantined. SCOs are files that the operating system and the Kaspersky Endpoint Security for Windows application require to be able to run.
- You can configure the task for EDR Optimum in Web Console and Cloud Console.
- The Backup capacity is limited by the free disk space.
To create a Move file to Quarantine task:
- In the main window of the Web Console, select Devices > Tasks.
The list of tasks opens.
- Click Add.
The New task wizard starts.
- Configure the task settings:
- In the Application drop-down list, select Kaspersky Endpoint Security for Mac (12.1).
- In the Task type drop-down list, select Move file to Quarantine.
- In the Task name field, enter a brief description.
- Select one of the following options:
- Select devices according to the selected task scope option.
- At the Task scope step, specify an administration group, devices with specific addresses, or a device selection.
The available settings depend on the option selected at the previous step.
- In the list of files, click Add.
The file adding wizard starts.
- In the Specify the file to move to Quarantine drop-down list, select one of the options and fill in the required fields. To add the file, you must enter the full path to the file, or both file hash and the path.
- Enter the account credentials of the user whose rights you want to use to run the task. Click Next.
Note: By default, Kaspersky Endpoint Security starts the task as the system user account (root).
- At the Finish task creation step, click the Finish button to create the task and close the wizard.
If you enabled the Open task details when creation is complete option, the task settings window opens. In this window, you can check the task parameters, modify them, or configure a task start schedule, if necessary.
- Click the new task.
The task properties window opens.
- Select the Schedule tab.
- Configure the task schedule.
Note: Make sure the computer is turned on to run the task.
- Click the Save button.
- To run the task immediately regardless of the configured schedule, do the following:
- Select the checkbox next to the task.
- Click the Run button.
As a result, Kaspersky Endpoint Security moves the file to Quarantine.
The Move file to Quarantine task can finish with the Access denied error if you are trying to quarantine an executable file that is currently running. Create a terminate process task for the file and try again.
The Move file to Quarantine task can finish with the Not enough space in Quarantine storage error if you are trying to quarantine a file that is too large. Free up the disk space and try again.
.
