Quarantine for Malicious Files
You can enable the quarantine for malicious files feature to store, on the log server, files that are blocked by the file filtering policy, making them available for further analysis.
Once the quarantine for malicious files feature is enabled, the malicious files are stored on the log server, and a log is generated that contains the Record ID for each file. Additionally, you can export a stored malicious file from the log view to your local system.
Note:
- The log entries for malicious files consume more storage on the log server. Administrators must ensure that there is sufficient storage space available on the log server.
- The log arrives at the log server sooner than the file content. The file is transferred at a lower priority than normal logs and, depending on its size, may be significantly larger than log messages. It is advisable to wait for some time before exporting the file.
Important: Before you enable this feature, ensure that Anti-malware scanning, Sandbox - Advanced Malware Detection, or both are enabled.