EDR+MDR - Quarantine

How do I manage quarantined items in EDR+MDR?

Written By Marissa Fegan (Super Administrator)

Updated at October 1st, 2024

VIPRE Endpoint EDR+MDR stops and quarantines malicious items that are detected. 

The quarantined items then need to be investigated. If they are found to be malicious, they should be deleted. Occasionally, an item is placed in quarantine because it looked or behaved suspiciously, but investigation shows it is not malicious. These non-malicious (false-positive) items can be restored from quarantine.

Before Deleting or Restoring 

Ensure you have completed your analysis of the reported threat and verified either that it is malicious and should be deleted, or that it is non-malicious and can be unquarantined. Taking the wrong action without properly researching the threat could harm your environment: an infected file could be restored to your endpoint, or a critical file that was incorrectly identified as malicious could be deleted from quarantine, in which case that file is permanently gone.

How to Delete or Restore from the Quarantine

You can delete or restore items from quarantine while viewing threat details. The quarantine management actions are available in several areas in VIPRE Cloud: the quarantine screen and the detail quarantine screen.

  1. From the main menu, select Quarantine 
  2. Locate the reported threat that you want to delete or restore
  3. To delete or restore using the in-line detail view, click or tap in the row of the threat

If you click or tap on the threat name, the full detail view will open.

  1. To delete, select Delete From Quarantine
  2. To restore, select Unquarantine
  3. In the confirmation box under Delete Threat or Unquarantine Item, click Yes. 

As the items are deleted or restored, the Quarantine count is decreased accordingly.

This image shows the location of the delete and un-quarantine options in the inline detail view.

 

This image shows that the delete and un-quarantine options are available above the threat detail data.