Endpoint Protection

 View Only

  • 1.  Quarantine vs. delete -- How does SEP determine that?

    Posted Apr 05, 2017 05:35 PM

    SEP is catching viruses on user machines.  Yeh!  In the alerts I see sometimes the file is quarantined.  Other times, it's deleted entirely.

     

    How does SEP determine whether it will quarantine or delete something it flags?  It would be default settings for this.



  • 2.  RE: Quarantine vs. delete -- How does SEP determine that?

    Posted Apr 05, 2017 05:39 PM

    If SEP can't clean or delete a malicious file, it will quarantine it. Also, depends on your settings as well. You could always quarantine it as a first action.



  • 3.  RE: Quarantine vs. delete -- How does SEP determine that?

    Posted Apr 05, 2017 05:50 PM

    Ah, interesting.  Does SEP eventually delete the quarantined items?  Or could I go in an remove them with a script if I know their location?

     

    I don't really see ever releasing something that was quarantined, even if it's a legit file or an accident/false flag.  It's easy enough to get new files.



  • 4.  RE: Quarantine vs. delete -- How does SEP determine that?

    Posted Apr 05, 2017 05:52 PM

    You can set a time frame in which to delete the quarantine after "x" days.



  • 5.  RE: Quarantine vs. delete -- How does SEP determine that?

    Posted Apr 06, 2017 05:58 AM

    Hi,

     

    If SEP will detect any suspicious file, it places the file in the local Quarantine folder on the infected computer. 

     

    It will also delete the file if size grows. - here's all you wanted to know about it -

     

    https://support.symantec.com/en_US/article.TECH106443.html