Nebula provides comprehensive protection for your devices against cyber threats. It uses advanced scanning and real-time protection technologies to identify and prevent malicious activities. Whenever a threat is detected, it is isolated and encrypted, then stored in a secure location on the device. This process quarantines all files and activities related to the threat, including registry entries, shortcuts, and browser modifications.
Manage quarantined threats
To investigate and manage the blocked threats on your endpoints, review the information available on the Monitor > Quarantine page.
Check for ransomware
First, you should check the quarantine page for threats with the Ransomware category, as this is the most severe type of threat. If you see this category, click on the Threat name to learn more about the detection. Then, look at the endpoint column and identify which devices need to be checked.
Talk with the device owners about avoiding suspicious links and programs, and suggest they change their passwords for added security.
Look for endpoints with multiple detections
Next, search for endpoints with a high number of quarantined items. This could indicate repeated access to malicious content.
Talk to these device owners to enforce better security practices.
Handle false positives
Next, review the file locations of each quarantined threat to see if you recognize any items. If you see a program like Microsoft Word in the quarantine list, this may be a false positive. A false positive is when a legitimate file or application is incorrectly flagged as malicious.
If you identify any false positives, use the actions menu to restore them to their original location in an unencrypted state. You can also create an exclusion when restoring the file to prevent it from being detected again. For more information on exclusions, see Nebula exclusions and how it works.
If you are unsure if a detection is a false positive, contact Support.
Delete quarantined items
CAUTION - Deleted quarantine items cannot be restored.
After reviewing the quarantine for potential false positives, use the actions menu to delete the remaining quarantined items. This eliminates the file from the device and clears the list so you don't review the same items next time. For more details on the quarantine page, see Manage quarantine in Nebula.
