Video Screencast Help

Delete quarantined files on SEP clients

Created: 13 May 2011 • Updated: 13 May 2011 | 4 comments
This issue has been solved. See solution.

I’m running SEP 11.0.6mp2. Can someone tell me how to delete the quarantined files on my SEP clients using my SEPM server?

Comments 4 CommentsJump to latest comment

P_K_'s picture

From  AV Policy we have an option for that.

It can be done from Quarantine: Clean-up Options

http://www.symantec.com/business/support/index?page=content&id=TECH104430

How to delete Quarantined items from the Symantec Endpoint Protection Manager.
 
 
How to Manage Quarantined files.
 
To configure automatic clean-up options:
      1. On the Antivirus and Antispyware Policy page, click Quarantine.
      2. On the Cleanup tab, under Repaired files, check or uncheck Enable automatic deleting of repaired files.
      3. In the Delete after box, type a value or click an arrow to select the time interval in days.
      4. Check Delete oldest files to fit directory size limit, and then type in the maximum directory size, in megabytes. The default setting is 50 MB.
      5. Under Backup files, check or uncheck Enable automatic delete of backup files.
      6. In the Delete after box, type or click an arrow to select the time interval in days.
      7. Check Delete oldest files to fit directory size limit, and then type the maximum directory size, in megabytes. The default is 50 MB.
      8. Under Quarantined Files, check or uncheck Enable automatic deleting of quarantined files that could not be repaired.
      9. In the Delete after box, type a value or click an arrow to select the time interval in days.
      10. Check Delete oldest files to fit directory size limit, and then type in the maximum directory size, in megabytes. The default is 50 MB.
      11. If you are finished with the configuration for this policy, click OK.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Mithun Sanghavi's picture

Hello,

Follow this Symantec KB Article:

 

How to delete Quarantined items from the Symantec Endpoint Protection Manager.
 
 
How to Manage Quarantined files.
 
 
 
Also Try, Configuring automatic clean-up options:

When the client software scans a suspicious file, it places the file in the local Quarantine folder on the infected computer. The Quarantine clean-up feature automatically deletes the files in the Quarantine when they exceed a specified age. The Quarantine clean-up feature automatically deletes the files in the Quarantine when the directory where they are stored reaches a certain size.

You can configure these options using the Antivirus and Antispyware Policy. You can individually configure the number of days to keep repaired, backup, and quarantined files. You can also set the maximum directory size that is allowed before files are automatically removed from the client computer.

You can use one of the settings, or you can use both together. If you set both types of limits, then all files older than the time you have set are purged first. If the size of the directory still exceeds the size limit that you set, then the oldest files are deleted one by one. The files are deleted until the directory size falls below the limit. By default, these options are not enabled.

To configure automatic clean-up options:

  1. On the Antivirus and Antispyware Policy page, click Quarantine.
  2. On the Cleanup tab, under Repaired files, check or uncheck Enable automatic deleting of repaired files.
  3. In the Delete after box, type a value or click an arrow to select the time interval in days.
  4. Check Delete oldest files to fit directory size limit, and then type in the maximum directory size, in megabytes. The default setting is 50 MB.
  5. Under Backup files, check or uncheck Enable automatic delete of backup files.
  6. In the Delete after box, type or click an arrow to select the time interval in days.
  7. Check Delete oldest files to fit directory size limit, and then type the maximum directory size, in megabytes. The default is 50 MB.
  8. Under Quarantined Files, check or uncheck Enable automatic deleting of quarantined files that could not be repaired.
  9. In the Delete after box, type a value or click an arrow to select the time interval in days.
  10. Check Delete oldest files to fit directory size limit, and then type in the maximum directory size, in megabytes. The default is 50 MB.
  11. If you are finished with the configuration for this policy, click OK.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

John Q.'s picture

Go to "Monitors" > "Logs" then select "Risks log" and click on "View log".

You can then select infections and clic on "Command" drop-down list and choose "Remove from Quarantine".

Of course, you can select more than infection at once, or even filter Risks log to show only specific machine's infections.

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such issue

SOLUTION
Bryon's picture

Thanks for the quick responces, this covers what I was looking for.