Managing the quarantined files

The behavior of the quarantine is different for each environment:

  • Security for Endpoints stores the quarantined files on each managed computer. Using Control Center you have the option to either delete or restore specific quarantined files.

  • Security for Virtualized Environments (Multi-platform) stores the quarantined files on each managed virtual machine. Using Control Center you have the option to either delete or restore specific quarantined files.

Restoring quarantined files

On particular occasions, you may need to restore quarantined files, either to their original location or to an alternate location. One such situation is when you want to recover important files stored in an infected archive that has been quarantined.

Note

Restoring quarantined files is only possible in environments protected by Security for Endpoints and Security for Virtualized Environments (Multi-Platform).

To restore one or more quarantined files:

  1. Log in to GravityZone Control Center.

  2. Go to the Quarantine page from the left side menu.

  3. Choose Computers and VMs.

  4. Select the checkboxes corresponding to the quarantined files you want to restore. Quarantined files located inside archives can only be restored to a custom location.

  5. Click the Restore button on the upper side of the table.

  6. Choose the location where you want the selected files to be restored (either the original or a custom location on the target computer).

    If you choose to restore to a custom location, you must enter the absolute path in the corresponding field.

  7. Click Save. The pending status appears in the Action status column.

    The requested action is sent to the target endpoints immediately or as soon as they get back online. You can view details regarding the action status in the Tasks page. Once a file is restored, the corresponding entry will disappear from the Quarantine table.

Adding exclusions for quarantined files

To exclude a quarantined file:

  1. Log in to GravityZone Control Center.

  2. Go to the Quarantine page from the left side menu.

  3. Choose Computers and VMs.

  4. Select the checkbox corresponding to the quarantined file you want to exclude.

  5. Click the Add Exclusions button on the upper side of the table and confirm your action.

    The exclusion is automatically created and displayed in the Configuration Profiles > All Exclusions page. Make sure you assign the exclusion to a list and that list is assigned to the policy applied on your endpoints. For more information, refer to Exclusions.

Retrieving and downloading quarantined files

You can remotely download quarantined files directly from the Quarantine page. This option enhances the flexibility and control of accessing quarantined files within your network whenever needed. The file is initially retrieved and then downloaded as a password-protected archive on your computer.

Additionally, you can allow your direct Bitdefender partner to retrieve and download quarantined files from your company. For more information, refer to Company details.

To retrieve and download quarantined files you must meet the following conditions:

  • Your account requires Manage Networks and Manage Company rights.

  • Your account must have two-factor authentication enabled.

  • To retrieve and download files from a child company you require additional permissions that can be granted by the respective company. For more information, refer to Company details.

  • You can retrieve a single file at a time.

  • The file size must not exceed 25 MB.

  • You can have a maximum of 10 retrieved files per company.

  • The files must be located on endpoints with Windows, Linux, or macOS operating systems.

To retrieve and download a quarantined file to your computer, follow the steps below:

  1. Log in to GravityZone Control Center.

  2. Go to the Quarantine page from the left side menu.

  3. Choose Computers and VMs.

  4. Select a single file of interest from the table.

  5. Click the Retrieve button from the upper side of the page.

  6. In the new window, enter a name for the archive and a password to protect it.

  7. Read and agree to the presented terms.

  8. Click the Retrieve button. A new task is created in the Tasks section.

  9. Once the file is successfully retrieved, on the Quarantine page click the vertical ellipsis button at the right end of the grid entry.

  10. Select the option Download retrieved file. The download process begins automatically.

Note

A retrieved file remains available for download for 24 hours, after which it is automatically deleted and a new retrieve action is required.

You can delete retrieved files whenever necessary. This enables you to begin a new retrieve action for a specific file or decrease the number of retrieved files in cases where your company file limit was reached.

To manually delete a retrieved file, follow the steps below:

  1. On the Quarantine page from the left side menu, go to the retrieved file.

  2. Click the vertical ellipsis button at the right end of the grid entry.

  3. Select the option Delete retrieved file. The retrieved file is deleted and you can start a new retrieve action if necessary.

Submitting retrieved files to Sandbox Analyzer

You can submit previously retrieved files to Sandbox Analyzer for an in-depth behavioral analysis. To retrieve quarantined files, refer to Retrieving and downloading quarantined files.

To submit a retrieved file to Sandbox Analyzer, follow the steps below:

  1. On the Quarantine page from the left side menu, go to the retrieved file.

  2. Click the vertical ellipsis button at the right end of the grid entry.

  3. Select the option Submit to Sandbox Analyzer. You will be redirected to the Manual Submission section.

  4. Enter the password used when retrieving the file.

  5. Configure the rest of the settings as desired.

  6. Click Submit.

The analysis may take a few minutes. You can view the output as a new entry on the Sandbox Analyzer page. For more information, refer to Analyzing threats in sandbox.

Submitting retrieved files to Bitdefender Labs

You can submit previously retrieved files to Bitdefender Labs for an in-depth analysis that can rule out possible false positive or negative detections. To retrieve quarantined files, refer to Retrieving and downloading quarantined files.

To submit a retrieved file to Bitdefender Labs, follow the steps below:

  1. On the Quarantine page from the left side menu, go to the retrieved file.

  2. Click the vertical ellipsis button at the right end of the grid entry.

  3. Select the option Submit to Bitdefender Labs.

  4. Select your product from the list if necessary.

  5. Edit your full name and email address if necessary. The results of the analysis will be sent to the specified email address.

  6. Enter the password used when retrieving the file.

  7. Select the Sensitive file checkbox if the file you are submitting contains sensitive information.

  8. Click Submit.

Note

Submitting files from a child company requires additional permissions that can be granted by the respective company. For more information, refer to Company details.

Our specialists will further analyze your file, and you will be notified of the outcome at the email address you provided.

Automatic deletion of quarantined files

By default, quarantined files older than 30 days are automatically deleted. This setting can be changed by editing the policy assigned to the managed endpoints.

To change the automatic deletion interval for quarantined files:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Find the policy assigned to the endpoints on which you want to change the setting and click its name.

  4. Go to the Antimalware > Settings page.

  5. In the Quarantine section, select the number of days after which files are deleted.

  6. Click Save to apply changes.

Manual deletion of quarantined files

If you want to manually delete quarantined files, you should first make sure the files you choose to delete are not needed.

A file may actually be the malware itself. If your research leads you to such a situation, you can search the quarantine for the specific threat and delete it from the quarantine.

To delete one or more quarantined files:

  1. Log in to GravityZone Control Center.

  2. Go to the Quarantine page from the left side menu.

  3. Select Computers and VMs.

  4. Select the checkboxes corresponding to the quarantined files you want to delete.

  5. Click the Actions button at the upper side of the table and select Delete. Click Yes to confirm your action.

    The pending status appears in the Action status column.

    The requested action is sent to the target network objects immediately or as soon as they get back online. Once a file is deleted, the corresponding entry will disappear from the Quarantine table.

Emptying the quarantine

To delete all the quarantined objects:

  1. Log in to GravityZone Control Center.

  2. Go to the Quarantine page from the left side menu.

  3. Select Computers and VMs.

  4. Click the Actions button and select Empty Quarantine.

    In the confirmation window, select the option Include sub-companies quarantine to also delete the quarantined objects for your child companies, and click Delete.

    All the entries from the Quarantine table are cleared. The requested action is sent to the target network objects immediately or as soon as they get back online.