Manage Quarantine Settings
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Manage Quarantine Settings
To prevent malware from causing harm to data or systems,
you can enable Traps to quarantine files.
Before Traps can begin quarantining files:
- Enable Traps to quarantine files in a WildFire rule. See Configure a WildFire Rule. After you enable Traps to quarantine files, Traps quarantines any malware it identifies locally on the endpoint.
- Adjust the storage quota for event logs (see Define Event Logging Preferences). Traps stores quarantined files in the same location as the logs. When the storage folder reaches the size quota, Traps makes room for new logs by deleting the oldest logs first.
- Because Traps can quarantine only local malware and does not quarantine malware stored in network folders, we recommend that you enable logging of File Quarantine Failed events (see Forward Logs to an External Logging Platform and select the File Quarantine Failed event in the Settings - Agent section). This enables you to receive alerts about events that require manual remediation.