Issue:
For how long does WithSecure Elements Endpoint Protection (EPP for Computers and EPP for Servers) store files in quarantine and can this time period be adjusted or changed?
Is it possible to empty the quarantine of a device remotely from the Elements Endpoint Protection Portal?
Resolution:
The quarantine storage is located locally on each device running the WithSecure Elements Agent. The size of the quarantine storage space cannot be changed. The Administrator may manage the quarantine centrally via the Elements Endpoint Protection Portal, and may also configure how long items are stored.
By default, items are stored in the quarantine for 365 days. The Administrator may choose to modify this value:
- Log in to the Elements Endpoint Protection Portal
- Go to the Profiles page
- Select the profile
- Go to the General settings tab
- In the Quarantine section, check the value for Days to keep items in Quarantine and modify it if necessary
The Administrator may choose to release or remove (delete) files that were quarantined by Elements Endpoint Protection through the portal:
- Log in to the Elements Endpoint Protection Portal
- Go to the Devices tab
- Select the device on which you wish to manage the quarantined files
- Go to the Infections tab
- Click on the actions menu icon (three horizontal dots) next to the file you wish to release from quarantine or delete
- Choose either Delete file to remove the file from the device, or Release file to release it from quarantine
Additionally, the administrator can choose what action is taken on infected files. To do this, the administrator must first disable the "Decide action on infection automatically" setting.
To set your own decision, do as follows:
- Log in to the Elements Endpoint Protection Portal
- Go to the Profiles page
- Select the profile
- Go to the Real-time scanning settings
- Expand file scanning and disable Decide action on infection automatically
Now you can customize the option "Action on infection" to whatever action you require.
Example: If you wish to automatically delete infections, choose "Delete". Detected infections are then deleted automatically. If you set the action to quarantine, infections are only quarantined, not deleted.
Note: Since the quarantine is only local, if the end user releases an item from the quarantine via the WithSecure Elements Agent user interface (GUI), a later attempt to release the same item via the portal has no effect, as the item is no longer available in the quarantine.
Article no: 000008101