When reacting to threats, Kaspersky Endpoint Detection and Response can create Move file to Quarantine tasks. This is necessary to minimize the consequences of the threat. Quarantine is a special local storage on the computer. Users can quarantine files that they consider dangerous for the computer. Quarantined files are stored in an encrypted state and do not threaten the security of the device. Kaspersky Endpoint Security uses Quarantine only when working with Detection and Response solutions: EDR Optimum, EDR Expert, KATA (EDR), Kaspersky Sandbox. In other cases, Kaspersky Endpoint Security places the relevant file in Backup. For details on managing Quarantine as part of these solutions, refer to the Kaspersky Sandbox Help, the Kaspersky Endpoint Detection and Response Optimum Help, the Kaspersky Endpoint Detection and Response Expert Help, and the Kaspersky Anti Targeted Attack Platform Help.
You can create Move file to Quarantine tasks in the following ways:
Alert Details is a tool for viewing the entirety of collected information about a detected threat. Alert details include, for example, the history of files appearing on the computer. For details about managing alert details, refer to the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help.
You must enter the file path or hash (SHA256 or MD5), or both the file path and the file hash.
The Move file to Quarantine task has the following limitations:
To create a Move file to Quarantine task:
The list of tasks opens.
The Task Wizard starts.
By default, Kaspersky Endpoint Security starts the task as the system user account (SYSTEM).
A new task will be displayed in the list of tasks.
The task properties window opens.
The file adding wizard starts.
If the file is located on a network drive, enter the file path starting with \\, and not the drive letter. For example, \\server\shared_folder\file.exe. If the file path contains a network drive letter, you can get a File not found error.
Wake-on-LAN is not available for this task. Make sure the computer is turned on to run the task.
As a result, Kaspersky Endpoint Security moves the file to Quarantine. If the file is locked by a different process, the task is displayed as Completed, but the file itself is quarantined only after the computer is restarted. After restarting the computer, confirm that the file is deleted.
The Move file to Quarantine task can finish with the Access denied error if you are trying to quarantine an executable file that is currently running. Create a terminate process task for the file and try again.
The Move file to Quarantine task can finish with the Not enough space in Quarantine storage error if you are trying to quarantine a file that is too large. Empty the Quarantine or make Quarantine larger. Then try again.
You can restore a file from Quarantine or empty the Quarantine using Web Console. You can restore objects locally on the computer using the command line.
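The task takes a file path, a SHA256 or MD5 hash, or both, and a file on a network drive must be given by its \\ path rather than a drive letter. The PowerShell below is an added example, not part of Kaspersky's documentation or tooling: it computes both hashes for a file and rewrites a mapped drive letter to its UNC form so the values can be entered in the task. The function name Get-QuarantineTaskInput and the sample path are assumptions made for illustration.

```powershell
# Added example: prepares the file path and hash values for the task fields.
# Get-QuarantineTaskInput is a hypothetical helper name, not a Kaspersky command.
function Get-QuarantineTaskInput {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Resolve relative paths and stop early if the file does not exist.
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    $taskPath = $full
    if ($full -match '^[A-Za-z]:') {
        # Look up the drive to see whether the letter is a mapped network drive.
        $letter = $full.Substring(0, 2).ToUpper()
        $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$letter'"

        # DriveType 4 is a network drive; ProviderName holds its \\server\share root.
        if ($disk -and $disk.DriveType -eq 4 -and $disk.ProviderName) {
            $taskPath = $disk.ProviderName.TrimEnd('\') + $full.Substring(2)
        }
    }

    # The task accepts SHA256 or MD5, so return both alongside the path.
    [pscustomobject]@{
        FilePath = $taskPath
        SHA256   = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        MD5      = (Get-FileHash -LiteralPath $full -Algorithm MD5).Hash
    }
}

# Constructed sample input: a file that exists on any Windows installation.
# Replace it with the file you intend to quarantine, for example a file on Z:\.
Get-QuarantineTaskInput -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

Run it in the session of the user who has the network drive mapped, because drive letter mappings belong to that user's logon session.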