Quarantine is a special storage location on the device for files that may be infected with viruses or cannot be disinfected at the time of detection. Quarantine allows isolating a file for further investigation. Quarantined files are stored in an encrypted form and do not threaten the security of the device. In contrast to Quarantine, Backup stores backup copies of files in which malicious code was detected and which were deleted or modified during the disinfection process.
The application only uses Quarantine when integrated with Detection and Response solutions to perform recommended threat response actions. When the application is integrated with Kaspersky Endpoint Detection and Response Optimum or with Kaspersky Managed Detection and Response, you can also manually quarantine files that you consider dangerous for your device.
By default, the /var/opt/kaspersky/kesl/common/objects-backup/ directory is used to store quarantined files. This directory also contains Backup objects. You can change the directory for storing Backup and Quarantine objects using the command line.
Quarantined files may contain personal data. Root privileges are required to access quarantined files.
You can configure quarantine settings on a device using a policy in the Web Console or in the Administration Console or using the command line. You can configure the following Quarantine settings:
Quarantining files
Some files can be critically important for the operation of the operating system and the application. Quarantining such files can disrupt the operation of the system.
You cannot quarantine System Critical Objects (SCO). SCOs include files that are necessary for the operation of the operating system and the Kaspersky Endpoint Security application.
Placing a file in quarantine is possible only if one of the following conditions is met:
The directory for storing Backup and Quarantine objects must be writable.
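The following shell check is an added example, not part of the product or its documentation. It audits the storage directory against the two conditions stated above: access limited to root, and the directory being writable. Assumptions: GNU `stat` is available, the function and variable names are illustrative, and treating any group/other permission bit as a finding is this example's interpretation of "root privileges are required", not a documented product setting.

```shell
#!/bin/sh
# Added example, not vendor code. The path is the default named on this page;
# pass a different one if the storage directory was changed.
STORAGE_DIR="/var/opt/kaspersky/kesl/common/objects-backup"

# check_storage_dir DIR [EXPECTED_UID]
# Prints one line per finding; returns 0 when there are none, 1 otherwise.
check_storage_dir() {
    dir=$1
    want_uid=${2:-0}          # root unless told otherwise
    bad=0

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"
        return 1
    fi

    # GNU stat: numeric owner and octal mode, e.g. "0 700".
    meta=$(stat -c '%u %a' "$dir") || return 1
    uid=${meta% *}
    perm=$((0${meta#* }))     # leading 0 makes the shell read it as octal

    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"; bad=1
    fi
    # Assumption of this example: any group/other bit contradicts
    # "root privileges are required to access quarantined files".
    if [ $((perm & 077)) -ne 0 ]; then
        echo "FAIL $dir: group/other access present (mode ${meta#* })"; bad=1
    fi
    # Quarantining needs a writable directory. For root, -w still fails on
    # a read-only mount, which is the case worth catching.
    if [ ! -w "$dir" ]; then
        echo "FAIL $dir: not writable by the current user"; bad=1
    fi

    [ "$bad" -eq 0 ] && echo "OK   $dir"
    return "$bad"
}

# Run the audit only when asked, e.g.: sudo sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    check_storage_dir "$STORAGE_DIR"
    exit $?
fi
```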
When integrated with Kaspersky Endpoint Detection and Response (KATA), files can be quarantined using a task that is configured on the Kaspersky Endpoint Detection and Response (KATA) side. For more details, see the Kaspersky Anti Targeted Attack Platform Help.
When integrated with Kaspersky Managed Detection and Response, files are quarantined in one of the following ways:
For more information on working with Quarantine when integrated with Kaspersky Endpoint Detection and Response, see the Kaspersky Endpoint Detection and Response Help.
When integrated with Kaspersky Endpoint Detection and Response, files are quarantined in one of the following ways:
For more information on managing the Quarantine when integrated with Kaspersky Endpoint Detection and Response Optimum, see the Kaspersky Endpoint Detection and Response Optimum Help.
Managing quarantined files
You can manage quarantined files:
To manage quarantined files in Kaspersky Security Center, you need to enable the transfer of data about quarantined files to the Administration Server.
You can view information about quarantined files, and delete and restore files from quarantine.
Restoring, deleting, and retrieving a file from Quarantine are available regardless of whether integration with Detection and Response solutions is enabled, and regardless of whether a policy is applied to the device.
The general list of files quarantined by Kaspersky applications on client devices is kept in Kaspersky Security Center and is available in the Administration Console (Advanced → Repositories → Quarantine) and the Web Console (Operations → Repositories → Quarantine). Kaspersky Security Center does not copy files from Quarantine storages to the Administration Server; all files are stored in Quarantine storages on client devices. For detailed information about managing quarantined files in Kaspersky Security Center, refer to the Kaspersky Security Center Help.
The quarantined file is restored to its original location according to the specified settings. Once the restoration process is complete, the application deletes the quarantined copy of the restored file.
Restoring a file from quarantine fails in the following cases:
In this case, the application moves the file to the folder /var/opt/kaspersky/kesl/common/restored/. You can manually move the file from this folder to the desired folder.
Deleting a file from quarantine fails in the following cases: