There are several management tasks that you can perform with quarantine in Microsoft Forefront Protection 2010 for SharePoint (FPSP). You can do the following:
- Save
quarantined files to disk
- Delete
quarantined items
- Configure
automatic deletion of quarantined items
- Export a list of
quarantined items to a file
- Quarantining
corrupted compressed files
- Quarantining on
timeout
Saving quarantined files to disk
You can decode and save quarantined items to disk. When doing so, you should be aware that this file is now a potentially live virus, so it is recommended that you only perform this activity for files that you believe are false positives. The files are saved with their original names; if there is a conflict, an ID is appended to the end of the file name in order to denote that there are multiple files with the same name, for example, filename_ID1.doc, filename_ ID2.doc, and so on.
To save quarantined items to disk-
In the Forefront Protection 2010 for SharePoint Administrator Console, click Monitoring, and in Server Security Views, click Quarantine.
-
In the Server Security Views - Quarantine pane, select one or more items and then in the Actions section, click Save Selected Items.
-
In the Save Selected Items dialog box, in the Output Path box, type or browse (by clicking Change) to the location where you want to save the items, and then click Save.
If you receive a message that the file was saved successfully, you can click the Open Folder button that appears on the Save Selected Items dialog box in order to easily access the saved items.
Deleting quarantined items
Over time, you might find that you have accumulated a large number of quarantined items. If you find that quarantine is becoming difficult to manage or you are running low on disk space, you may want to delete selected quarantined items. If many items are selected, be aware that the deletion process can take a long time.
To delete selected quarantined items-
Click Monitoring, and in Server Security Views, click Quarantine.
-
In the Server Security Views - Quarantine pane, select one or more items and then, in the Actions section, click Delete Selected Items. When you are asked to confirm your decision, click Yes. This deletes the selected items listed on the Server Security Views - Quarantine pane, as well as the files stored on disk.
You can also elect to delete all quarantined items; this is faster than deleting selected quarantined items.
To delete all quarantined items-
Click Monitoring, and in Server Security Views, click Quarantine.
-
In the Server Security Views - Quarantine pane, in the Actions section, click Delete All Quarantine Data. When you are asked to confirm your decision, click Yes. This deletes all the items listed on the Server Security Views - Quarantine pane, as well as the files stored on disk.
Configuring automatic deletion of quarantined items
You can configure FPSP to automatically purge quarantined items after they are a certain number of days old. If the purge function is enabled, all quarantined items (both the displayed records and the actual files stored on disk) that are older than the specified number of days are deleted.
To purge quarantined files after a certain number of days-
Click Monitoring, and in Configuration, click Quarantine Options.
If you are currently on the Server Security Views - Quarantine pane, in Actions, click Configure Quarantine Options.
-
In the Configuration - Quarantine Options pane, select the Automatically purge quarantined items check box. This causes the Purge after (days) field to become available.
-
In the Purge after (days) field, indicate the number of days after which items will be purged. All items older than the specified number of days will be deleted. The default is 30 days.
-
Click Save. Setting or changing the purge value takes effect only after being saved.
-
In the Configuration - Quarantine Options pane, clear the Automatically purge quarantined items check box, and then click Save. The value in the Purge after (days) field remains, but no purging takes place until the Automatically purge quarantined items check box is selected again.
Exporting a list of quarantined items to a file
You can export a list of filtered quarantined items, or all quarantined items, to a file. This may be useful when using an external program (for example, Microsoft Office Excel) to perform data analysis.
To export a list of quarantined items to a file-
Click Monitoring, and in Server Security Views, click Quarantine.
-
If you want to export a list of filtered quarantined items, select your filter criteria (for details, see "Filtering the Quarantine pane" in Viewing quarantined items. Otherwise, FPSP exports a list of all quarantined items.
-
In the Server Security Views - Quarantine pane, in the in the Actions section, click Export Filtered Data.
-
In the Export Filtered Data dialog box, in the Output File box, type or browse (by clicking Change) to the location where you want to export the file.
-
Click Export to export the file.
You should receive a message informing you that the export is in progress, followed by a message that the export was successful.
Quarantining corrupted compressed files
You can configure FPSP to quarantine corrupted compressed files.
Note: |
---|
For more information about corrupted compressed files, see Deleting corrupted compressed files. |
-
Click Policy Management, and in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Scanning Options section, ensure that the Quarantine corrupted compressed files check box is checked (it is checked by default). This specifies that corrupted compressed files are quarantined. You can disable this option by clearing the check box and then clicking Save.
Quarantining on timeout
You can configure FPSP to quarantine a file or message when a scan job time-out occurs while the file or message is being scanned.
To quarantine on timeout-
Click Policy Management, and in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Scanning Options section, ensure that the Quarantine on timeout check box is checked (it is checked by default). This specifies that when a scan job time-out occurs while a file or message is being scanned, the file or message is quarantined. You can disable this option by clearing the check box and then clicking Save.