Endpoint Protection

  • 1.  SEPM Report - Quarantine - "Action Required"

    Posted Nov 08, 2015 06:32 PM

    One of our reports shows that a threat has been quarantined, but the status comes up as "Action required".

     

    If the file was successfully quarantined, why does it say "action required"? Is this just asking for a restart of the computer?

     

    I'm wondering if this file that supposedly has been quarantined is still an active threat, or if it can be ignored? (the user will restart his computer sooner or later).



  • 2.  RE: SEPM Report - Quarantine - "Action Required"

    Posted Nov 09, 2015 12:21 PM
    Does it give more info than that? Usually a restart is needed to complete the process.


  • 3.  RE: SEPM Report - Quarantine - "Action Required"

    Posted Nov 09, 2015 12:53 PM

    This happens when a POTENTIAL risk (but not a known risk) is identified by Download Insight or SONAR based on reputation/heuristic. In such cases, the file is quarantined to make sure that the risk is not going to be active on the PC. However, this needs the administrator's intervention to confirm whether the file is really a risk or not. Hence an "Action Required" flag is raised for the detection.

    Also, check this link.