search cancel

About Upload quarantined files from the clients in Symantec Endpoint Protection Manager.

book

Article ID: 243578

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Query related to the feature where we upload the quarantined files to the SEPM.


Environment

SEPM/SEP : 14.3 RU4

Resolution

1. Once we get the quarantine file to the SEPM, What's the retention period? And can we configure it?

A: The hashes are stored in the DB in the Binary Table. Our Agentsweeping task will delete these every 30 days by default. In AgentSweeping Task, if it finds that the risk log has been deleted, then the file would also be deleted.  So Adjusting the risk log retention period also adjusts the same for quarantine files.

2. How can I recover the actual file that was quarantined?

A: The file seems to be inside a zip file, which is currently not working.  It should work if the quarantined file is not inside a zip.  Also there's a checkbox that needs to be checked in order for the downloads to work:

*Note: Option is located in Admin>Domains>Edit Domain Properties>General tab* 

Attachments