I was testing the SEP11 response to security risks in response to several Password Reveler programs being detected on our network.
SEP11 detected and removed to quarantined the Password Revelers as expected, this was encouraging.
Unfortunately in the SEP11 user console, the user had the option to restore quarantined items and worse, make them into trusted applications.
Is there a way to disable the restore button in the View Quarantine window for users?