ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to quarantine a file on a discover scan

book

Article ID: 227013

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Discover Suite Data Loss Prevention Enterprise Suite

Issue/Introduction

You require an example of how to set up a discover scan file quarantine action.

This guide will provide a high-level overview of the process.

Environment

Release : 15.8

Component :

Resolution

After you have created the discover scan under the protect tab you must select Quarantine, and provide the fully qualified path to the location you want to quarantine to such as \\ServerName\QuarantineShare.

You must also provide the write credentials to that share location.

 

Now for the policy side:

You go to Manage > Policies > Response Rules > New Response Rule

Select automated response rule

Give the rule a friendly name such as Discover Quarantine, and under actions Choose network Protect > Quarantine File and select add action.

Here you can choose to add a marker file which will leave a text file in the quarantined files place. You can select the variables you want to be placed in that marker to assist with remediation.

Now in the policy, you are using to search for the offending files(s) you will select the response rule of Discover Quarantine.

 

 

 

 

 

 

 

Additional Information

This guide does not cover all of the intricasies available to this process but rather a baseline of how the process works.

Attachments