Video Screencast Help

Central Quarantine is there a future?

Created: 13 Mar 2012 • Updated: 20 Mar 2012 | 18 comments
ScottM 2's picture
4 Agree
0 Disagree
+4 4 Votes
Login to vote
Status: Partially Implemented

This week I hope to install a new Central Quarantine due to hardware changes and I find I need to load the system with Windows 2003 server, 32-bit. I was planning on doing this on March 14th, 2012. So I'm curious if the technology is going to be advanced?

  • Support for newer server operating systems, 64-bit.
  • Ways to directly submit false positives (I posted this in another thread)
  • A way to submit code for further analysis to the retail portal, the platinum portal, virustotal or threat expert. Bonus points for the ability to submit to competitor's portals. Why? Because it is us against the bad guys plus defense in depth means some of us have other products installed as well.
  • Integration with the SEP console.
  • Ability to restore files to original source

Comments 18 CommentsJump to latest comment

Elisha's picture

Thanks for your suggestion.  At this point we have no specific plans to update the Central Quarantine Server.  However we may add some of these features into SEPM.

0
Login to vote
ScottM 2's picture

That would be great. Anything so that I don't have to "touch" malicious programs.

One more thing on the FP submission, while I'm asking for future wish list stuff. A raw code submission is good but if we could bundle, automatically, everything Security Response needs to make an informed & quick decision in the submission. Yea, that would be something, it would say Symantec has a commitment to get these things resolved! 

0
Login to vote
Elisha's picture

The Central Quarantine Server will be supported on Windows 2008 64bit in the next release of SEP.  Planned for SEP 11 RU7 MP2 and SEP 12.1 RU1 MP1.

+2
Login to vote
MaRRuT@CC's picture

Great to hear that! Germans love CQ! =)

It would be wonderful when CQ and the GUP Content Distrubution Monitor tool would be added directly into SEPM and not as added tools.

0
Login to vote
ScottM 2's picture

I just heard, good news.

0
Login to vote
Serengeti's picture

Hi - how good is the general experience with central quarantine server in a large environment (1000's clients) and is it only supported from SEP 12.1 RU1 MP1? (we have RU1).

 

Thanks

0
Login to vote
ScottM 2's picture

MP-1 will be out this month, right?

0
Login to vote
Elisha's picture

SEP 12.1 RU1 MP1 is due out at the end of the month.

0
Login to vote
ScottM 2's picture

Looking forward to it.

0
Login to vote
MaRRuT@CC's picture

A Combination of LUA + CQ is great for larger Enterprise Infrastructures. I'm using the tool for a very long time already

0
Login to vote
Mick2009's picture

Confirmed: a new feature of SEP 12.1 Release Update 1, MP1 is that its Quarantine Server is supported on the Windows 64-bit operating system.

  • SEP 11 RU7 MP2 is available now. (note above indicates that its QServer is also 64-bit compatible)
  • SEP 12.1 RU1 MP1 is expected to become available next week.

 

With thanks and best regards,

Mick

0
Login to vote
MaRRuT@CC's picture

Thats fantastic! great to hear that =)

+1
Login to vote
Mick2009's picture

Note that upgrading SEP or the SEPM does not automatically upgrade the Central Quarantine.  Be sure to upgrade that component to the new Qserver in the Tools folder/Tools CD.  The version is "3.6.7180.64"

With thanks and best regards,

Mick

0
Login to vote
ScottM 2's picture

Anything new in the new Qserver? 

0
Login to vote
FbacchinZF's picture

I agreed 100% whit every suggestion from ScottM 2 in this post.

Thumbs up !

0
Login to vote
Zebbelin's picture

I downloaded the "SEP 12.1.1 MP1 Part2 Tools" from fileconnect, but it seems to be not 64bit capable. Also the readme.txt shows version 3.1, but in this threat it seems that there is a version 3.6

http://www.symantec.com/connect/forums/central-quarantine-64-bit

 

How do I get it? Why is it not included to the Part2 download?

Thanks!

0
Login to vote
Elisha's picture

Cnetral Quarintine 3.6 is included in SEP 12.1.2 (RU2) which is due out later this month (November 2012).

0
Login to vote
Zebbelin's picture

Just downloaded the Symantec_Endpoint_Protection_12.1.2_Part2_Tools_EN.exe, but there is still Version 3.1 included. How do I get 3.6?

Thanks!

*edit*

The readme.txt says that it is 3.1, but when you install it, it is 3.6 and it works on a 64-Bit machine.

Unfortunately you cannot install the QConsole 3.6 on a 64-Bit OS..what a pity!
 

0
Login to vote