Why am I getting an error when Discover Protect is trying to quarantine a file?

book

Article ID: 160159

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover Data Loss Prevention Network Protect

Issue/Introduction

The Discover scan generates an incident on a file but cannot quarantine it.

Resolution

Symptom:

The Discover scan generates an incident on a file but cannot quarantine it.

Filereader.log shows the following errors:

Got RemediatorException with messge: User "username" does not have delete access to file: "C:\temp\filename"
Got RemediatorException with messge: User "username" does not have write access to quarantine directory: \\hostnaname\quarantine_dir

Resolution:

This indicates that the username you are using does not have the correct permissions to the quarantine directory.

There are two ways to make Protect work on a quarantine directory:

1. If you have the administrative privilege to the server where you will quarantine files, use the administrative share (i.e. c$, e$ etc). In other words use \\server_hostname\c$\quarantine_dir. This will automatically give the username its administrative privileges on this share. Protect then will be able to quarantine files to this directory.

2. If you are sharing a folder and not using the administrative share, i.e, \\server_hostname\share_dir, then you have to make sure that the username you are using has at least write permission to this shared folder. It does not matter if the user name is an administrator for this server. You still have to set the permissions for this share because by default a shared folder is read only.

To check the permission on a shared directory:
1.  Right click on the shared folder
2.  Select properties
3.  Go to share tab, click permission
4.  Make sure that the user name you are using is in this list and has full control