Quarantine

Options

The quarantine keeps blocked files in a separate location. It is used by configuring workflows (see Advanced configuration for the Workflow Template).

On the Quarantine page (History → Quarantine), the following operations can be performed on the quarantined files:

  1. By clicking on the , item details appear
  2. Pinned files are not removed during clean-ups. Use the pin icon to pin a file.
  3. To remove files from the list, use the bin icon.
  4. Files can be downloaded by clicking the download icon.
  5. Send to MetaDefender Cloud for Threat Intelligence. For details see the next section.

The Check with MetaDefender Cloud, Check with Adaptive Sandbox, Check with SBOM, the Pin, Unpin and Delete operations can also be performed in bulk using the check-boxes before the filenames and clicking the action icons above the file list.

Check with Threat Intelligence

Files in the quarantine can be uploaded to MetaDefender Cloud to get threat intelligence on them.

This feature requires the Threat Intelligence technology to be licensed and enabled in the workflow.

Quarantine items may be sent to MetaDefender Cloud:

  1. Manually, using the Send to MetaDefender Cloud operation, or
  2. Automatically, driven by the configuration under Quarantine settings

Quarantine settings

To edit quarantine settings, click SETTINGS in History > Quarantine. The following options are available:

  1. AUTOMATICALLY SEND ITEMS TO METADEFENDER CLOUD: If enabled, all new quarantine items will be uploaded to MetaDefender Cloud for threat intelligence information.

    1. CHECK QUARANTINE FOR NEW ITEMS TO SEND: The frequency (in seconds) to check for new quarantine items to upload to MetaDefender Cloud.
  2. RESULT POLLING: Once a quarantine item is uploaded to MetaDefender Cloud, MetaDefender must poll the Cloud for results. The polling frequency (in seconds) can be set here.

Threat intelligence details

Clicking Show details opens the Quarantine item details view. The THREAT INTELLIGENCE RESULTS tab there shows further details from MetaDefender Cloud:

  • RESULT: Processing summary: whether the entry was blocked or allowed.
  • VERDICT: More verbose details about the processing results.
  • AV ENGINES: Number of anti-virus engines that were used for scanning this item.
  • TOTAL TIME: Total processing time of this item for this scan.
  • RESULT LINK: Link to the processing results on MetaDefender Cloud.

If this quarantine item was uploaded to the Cloud multiple times, then there will be multiple THREAT INTELLIGENCE RESULTS pages in the tab.

Enabling MetaDefender Cloud integration

MetaDefender Cloud integration requires the Threat Intelligence technology to be licensed and enabled under Inventory > Modules.

Check with Adaptive Sandbox

Files in the quarantine can be uploaded to Adaptive Sandbox to retrieve deep analysis results.

This feature requires the Adaptive Sandbox technology to be licensed and enabled in the workflow.

Quarantine items may be sent to Adaptive Sandbox:

  1. Manually, by selecting the file and clicking the Check with Adaptive Sandbox button, or
  2. Automatically, driven by the configuration under Quarantine settings

Check with SBOM

Files in the quarantine can be uploaded to the SBOM engine to retrieve deep analysis results.

This feature requires the SBOM technology to be licensed and enabled in the workflow.

Quarantine items may be sent to SBOM:

  1. Manually, by selecting the file and clicking the Check with SBOM button, or
  2. Automatically, driven by the configuration under Quarantine settings
