Deleting a File from Quarantine

You can manually delete a file quarantined by AntiVirus, along with all associated registry keys, using the Centralized Quarantine page or the Agent Control Panel on endpoints.

Prerequisites:
  • Ensure the latest version of the AntiVirus definition file is installed on the endpoint, as it may contain the definition required to clean the threat detected.
  • Monitor the endpoint for behavior that indicates the quarantined file is required by a program to function, requiring that a replacement file be obtained.
  • Consider submitting the quarantined file you want to delete to Ivanti for further analysis. It may be a new virus or a variant of an existing one.
  • Ensure the file has been in quarantine for at least two AntiVirus definition file updates. Updates occur a minimum of once a day. Files in quarantine are automatically scanned upon update and, if cleaned, are moved back to their original location.

Occasionally the damage caused by a virus leaves a file that cannot be cleaned, and the file must be deleted. If the file is required to regain the functionality of a program, recover it from a backup or obtain a copy from a trustworthy source, like the vendor.

You can configure AntiVirus scans to automatically delete infected files by using the "Attempt to clean then delete" or "Attempt to clean then quarantine then delete" settings during their creation.
You can also set the option "Enable the automatic deletion of files from Quarantine" on the Tools > Options > AntiVirus tab.

Deleting a Quarantined File Using Centralized Quarantine

You can delete a file from the Ivanti Endpoint Security Management Console, particularly if the same file has been quarantined on several endpoints.

  1. Click Manage > Centralized Quarantine.
  2. Find the file you want to delete.
    Use the filters to search for specific items.
  3. Expand its section to reveal the endpoints the file is quarantined on and additional information.
  4. Use the AV Definition Detected column to ensure the latest version of the AntiVirus definition file is installed on endpoints, as it may contain the definition required to clean the threat detected.

  5. Select the endpoints you want to delete the file from and click Delete.

Deleting a Quarantined File Using the Agent Console

You can delete a quarantined file directly from the endpoint.

  1. Log on to the endpoint and select Start > Control Panel.
  2. Double-click Agent Control Panel.
    The Agent Control Panel appears.
  3. Select AntiVirus > Quarantine from the main menu.
    The Quarantine pane is displayed.
  4. Select a file from the list and then click Delete. You can select multiple files by holding CTRL.
    A dialog opens prompting you to confirm the deletion.
  5. Click Yes.
    The file is removed from quarantine and deleted from the endpoint. A Deleted alert message is generated and can be viewed in Review > Virus and Malware Event Alerts.