About moving file to quarantine

One of the possible response actions when a threat is detected is to quarantine the file.

Quarantine is a special local repository on a device with an EPP application that supports Kaspersky Endpoint Detection and Response Expert functionality and which is intended for storing files that are probably infected by viruses or cannot be disinfected at the time when they are detected. Quarantined files are stored on the protected device in an encrypted form and therefore do not compromise the device security.

The file can be quarantined manually or automatically, as a result of alert response actions.

For more information on creating a Move file to Quarantine task, refer to Kaspersky Endpoint Security for Windows Help.

Restoring files from the Quarantine is also available from the command line. For details, refer to Kaspersky Endpoint Security for Windows Online Help.

The objects are quarantined under the system account (SYSTEM), unless another account is specified in the Move file to Quarantine task. When being restored from the Quarantine, the file is moved to its original location. If the original location does not exist, then the file is moved to a special folder on the device (%ProgramData%\qb\restored), from which you can manually move it to the destination folder.