How to quarantine a file on a discover scan
search cancel

How to quarantine a file on a discover scan


Article ID: 227013


Updated On:


Data Loss Prevention Data Loss Prevention Discover Suite Data Loss Prevention Enterprise Suite


You require an example of how to set up a discover scan file quarantine action.

This guide will provide a high-level overview of the process.


Release : 15.8

Component :


After you have created the Discover scan under the protect tab you must select Quarantine, and provide the fully qualified path to the location you want to quarantine to such as \\ServerName\QuarantineShare.

You must also provide the permission to allow write access to the share location


Now for the policy side:

You go to Manage > Policies > Response Rules > New Response Rule

Select automated response rule

Give the rule a friendly name such as Discover Quarantine, and under actions Choose Network Protect > Quarantine File and select Add Action.

Here you can choose to add a marker file which will leave a text file in the quarantined files place. You can select the variables you want to be placed in that marker to assist with remediation.

Now in the policy, you are using to search for the offending files(s) you will select the response rule of Discover Quarantine.

Additional Information

This guide does not cover all of the intricacies available to this process but rather a baseline of how the process works.