Monitor files in the Quarantine

You should periodically check the quarantined files to prevent accumulating large numbers of files. Check the quarantined files when a new virus outbreak appears on the network.

Leave files with unknown infections in the Quarantine. When the client receives new definitions, it rescans the items in the Quarantine and might delete or repair the file.

Delete files in the Quarantine

You can delete a quarantined file if a backup exists or if you have a copy of the file from a trustworthy source.

You can delete a quarantined file directly on the infected computer or by using the Risk log in the Symantec Endpoint Protection console.

See Using the Risk log to delete quarantined files on your client computers.

Configure how Symantec Endpoint Protection rescans items in the Quarantine when new definitions arrive

By default, Symantec Endpoint Protection rescans items in the Quarantine when new definitions arrive. It automatically repairs and restores items silently. Typically you should keep the default setting, but you can change the rescan action based on your needs.

See Configuring how the Quarantine handles the rescanning of files after new definitions arrive.

Specify how clients submit information about quarantined items

Symantec Endpoint Protection lets users submit infected or suspicious files and related side effects to Symantec Security Response for further analysis. When users submit information, Symantec can refine its detection and repair.

You can enable signature-based detections in Quarantine to be forwarded from the local Quarantine to a Central Quarantine Server. Reputation detections in the local Quarantine cannot be sent to a Central Quarantine Server. You can configure the client to forward items if you use a Central Quarantine Server in your security network. The Central Quarantine Server can send the information to Symantec Security Response. Information that clients submit helps Symantec determine if a detected threat is real.

Files that are submitted to Symantec Security Response become the property of Symantec Corporation. In some cases, files may be shared with the antivirus community. If Symantec shares files, Symantec uses industry-standard encryption and may make data anonymous to help protect the integrity of the content and your privacy.

See Configuring clients to submit quarantined items to a Central Quarantine Server or Symantec Security Response

Manage the storage of quarantined files

By default, the Quarantine stores backup, repaired, and quarantined files in a default folder. It automatically deletes files after 30 days.