When a Symantec client finds an infected item that cannot be repaired with the current virus definitions, it blocks access to the item. The client then packages the item along with any affected system files and settings, and moves the package to the local Quarantine. The local Quarantine is a special location that is reserved for infected files and related system side effects. After viruses and other threats are isolated in a local Quarantine, they cannot damage or spread on the computer.
Symantec clients can automatically forward the packages that contain the infected files and related side effects from a local Quarantine to the Central Quarantine. The Central Quarantine is a central repository that is composed of two primary components, the Central Quarantine Server and the Quarantine Console. The Central Quarantine Server stores infected samples and communicates with Symantec Security Response. The Quarantine Console, which snaps into Microsoft Management Console (MMC), lets you manage the Central Quarantine Server.
You can collect forensic information more easily by using Central Quarantine. You can get a sample from an infected computer without having to physically go to that computer.
In addition to scanning files for viruses, the product scans files for security risks, which include spyware, adware, hacking tools, and joke programs. You can also forward these infected files to the Central Quarantine. Threats that are detected and quarantined with Proactive Threat Protection, however, are submitted by using a different mechanism.
Install Quarantine Server:
1. Launch 'Quarantine Server.msi':
2. Accept the license:
3. Click Next:
4. Change the Maximum Disk Space accordingly:
5. Input the Contact Information:
6. Keep the gateway as default:
7. Start the installation:
8. You need to restart the system after the installation of Quarantine Server:
Install Quarantine Console:
1. Launch 'Quarantine Console.msi':
2. Accept the License:
3. Choose Destination Folder:
4. Finish the installation:
Configure Central Quarantine:
1. Launch 'Symantec Quarantine Console' from Start menu:
2. Right click 'Symantec Central Quarantine', select 'Attach to server':
3. Input the information of the Quarantine Server:
4. Edit the server properties, select 'General' tab, then click to enable 'Listen on IP', and input a port number:
Configure SEP to integrate with Central Quarantine:
Log into SEPM admin console, click to edit the AntiVirus policy. Select 'Quarantine' configuration section, on the 'General' tab, click to enable the option 'Allow client computers to automatically submit quarantined items to a Quarantine Server', then input the information of the Quarantine Server:
After a client computer be infected by a virus that need to be quarantined, the virus will be submitted to the Quarantine Server:
