Viewing Files in Quarantine

You can view the files in an endpoint's quarantine folder using the Centralized Quarantine page or the Agent Control Panel on endpoints..

Prerequisites:

• An AntiVirus scan must have completed, with the "Attempt to clean then quarantine" or "Attempt to clean then quarantine then delete" setting configured, where a threat that could not be cleaned was detected.

Viewing Quarantined Files Using Centralized Quarantined

You can view quarantined files from the Ivanti Endpoint Security Management Console, particularly if the same file has been quarantined on several endpoints.

1. Click Manage > Centralized Quarantine.
   The Centralized Quarantine page is displayed and files with threats that could not be cleaned during an AntiVirus scan are listed. The information provided for each file is:
• File Name
• Virus/Malware Name - Name of the Virus or Malware detected in the file.
• Last Detection Date (server) - Point in time when the latest file of this type was detected in your environment.
• Endpoints Affected - Number of endpoints with the same file in quarantine.
• Endpoint - Name of the endpoint with the quarantined file. Click the hyperlink for more details.
• IP Address - IP address of the endpoint with the quarantined file.
• AV Definition Detected - Version number of the AV definition file installed on the endpoint.
• Status - The current status of the quarantined file. The status will be pending when you the system is in the process of deleting or restoring the file from endpoints.
• File Path - Path of the location on the endpoint where the file was originally before it was moved to quarantine.
• Detection Date - Point in time when the file was scanned using the latest AntiVirus definition file.
• SHA-256 Hash - The unique hash assigned to the file.

Viewing Quarantined Files Using the Agent Console

You can view quarantined files directly from the endpoint.

1. On the endpoint, select Start > Control Panel.
2. Double-click Agent Control Panel.
   The Agent Control Panel appears.
3. SelectAntiVirus > Quarantine from the main menu.
   The Quarantine pane is displayed and files with threats that could not be cleaned during an AntiVirus scan are listed. The information provided for each file is:
• File Name
• Status - The available statuses are Not Cleaned and Cleaned.
• Last Update Date - Date and time when the file was scanned using the latest AntiVirus definition file.
• Original Location - Path of the location where the file was originally before it was moved to quarantine.
• Quarantined Date - Date and time when the file was moved to quarantine.
• Details - Additional information about the quarantined file, for example the type of infection.

After Completing This Task:

Now you can:

• Wait for the next AntiVirus definition file update to see if it will clean and restore a file.
• Restore a file from quarantine. For more information, see Restoring a File from Quarantine.
• Delete a file from quarantine. For more information, see Deleting a File from Quarantine.