When virus and spyware scans detect a threat or SONAR detects a threat, Symantec Endpoint Protection places the files in the client computer's local Quarantine.
See Managing scans on client computers
Table: Managing the Quarantine
Monitor files in the Quarantine
You should periodically check the quarantined files to prevent accumulating large numbers
of files. Check the quarantined files when a new virus outbreak appears on the
Leave files with unknown infections in the Quarantine. When the client receives new definitions, it rescans the items in the Quarantine and might delete or repair the file.
Delete files in the Quarantine
You can delete a quarantined file if a backup exists or if you have a copy of the file from a trustworthy source.
You can delete a quarantined file directly on the infected computer or by using the Risk log in the Symantec Endpoint Protection console.
See Using the Risk log to delete quarantined files on your client computers.
Configure how Symantec Endpoint Protection rescans items in the Quarantine when new definitions arrive
By default, Symantec Endpoint Protection rescans items in the Quarantine when new definitions arrive. It automatically repairs and restores items silently. Typically you should keep the default setting, but you can change the rescan action based on your needs.
See Configuring how the Quarantine handles the rescanning of files after new definitions arrive.
Specify how clients submit information about quarantined items
Symantec Endpoint Protection lets users submit infected or suspicious files and related side effects to Symantec Security Response for further analysis. When users submit information, Symantec can refine its detection and repair.
You can enable signature-based detections in Quarantine to be forwarded from the local Quarantine to a Central Quarantine Server. Reputation detections in the local Quarantine cannot be sent to a Central Quarantine Server. You can configure the client to forward items if you use a Central Quarantine Server in your security network. The Central Quarantine Server can send the information to Symantec Security Response. Information that clients submit helps Symantec determine if a detected threat is real.
Files that are submitted to Symantec Security Response become the property of Symantec Corporation. In some cases, files may be shared with the antivirus community. If Symantec shares files, Symantec uses industry-standard encryption and may make data anonymous to help protect the integrity of the content and your privacy.
See Configuring clients to submit quarantined items to a Central Quarantine Server or Symantec Security Response
Manage the storage of quarantined files
By default, the Quarantine stores backup, repaired, and quarantined files in a default folder. It automatically deletes files after 30 days.
You can manage the storage of quarantined items in the following ways:
Specify a local folder to store quarantined files.
You can use the default folder or a folder that you choose.
See Specifying a local Quarantine folder.
Specify when files are automatically deleted.
The Quarantine automatically deletes files after a specified number of days. You can also configure the Quarantine to delete files when the folder where the files are stored reaches a specified size. You can configure the settings individually for repaired files, backup files, and quarantined files.
See Specify when quarantined files are automatically deleted.