When malicious files are detected and quarantined, the files and registry settings are copied and encrypted into a quarantine folder on the endpoint. The Quarantine page in OneView is an index for each item on the endpoint and allows you to restore or delete detected files.
While OneView uses its best judgment whether a file is a threat, false positives are possible. You may also find items in Quarantine that are legitimate. View detected items and cross-check the information to verify if the file is legitimate with other Threat Intelligence databases, such as VirusTotal, using the SHA256 hash of the file.
At the top of the page, click the Select a site dropdown to filter the Quarantine table for a site. The Quarantine table helps you manage the available information more efficiently. The following features are available on the Quarantine table:
- Reset filters: In the upper-right corner of the page, click Reset filters to go back to the default filter settings.
- Customize table columns: In the top-right of the table, click Add / Remove Columns to customize the table columns.
- Column pinning and auto-sizing: Next to a column header, click the filter button to display a checkbox list of different sub-filters you can apply. Click the filter tab to pin or auto size for the selected column.
- Right-click menu: In the table, click and drag to select and highlight a table section. Right-click on your selected information to copy or export a .csv or an .xlsx file.
- Select all: Click the checkbox next to the Threat name column header.
- Actions menu: In the top-right, click the kebab icon for additional actions.
- Download .csv: Export a report in .csv format containing the selected rows of data.
- Download .xlsx: Export a report in .xlsx format containing the selected rows of data.
- Restore: Restore the selected files from quarantine.
Note: When restoring quarantined files from a USB device, the device must remain plugged in.
- Create exclusion: Create exclusions on the selected quarantined items. Only Global Administrators and Site Administrators can create exclusions. For more information on exclusions, see Overview of exclusions in OneView.
- Restore & Create exclusion: Restore and create exclusions on the selected quarantined items.
- Delete: Delete the files from quarantine. This action cannot be undone and files cannot be restored once deleted.