Quarantined items

Items that are detected as threats, when compared to the existing DAT file, are cleaned or deleted. Plus, a copy of the item is converted to a non-executable format and saved in the Quarantine folder. This allows you to perform the following processes on the quarantined items after downloading a later version of the DAT, that possibly contains cleaner information:
  • Restore.

  • Rescan.

  • Delete.

  • Check for false positive.

  • View detection properties.

Note: Quarantined items can include multiple objects. Objects include files, cookies, registries, or anything VirusScan Enterprise scans for malware.

Use the information in the following section to configure the quarantine policy, or accept the defaults, and examining the quarantined items, if needed.

To access the Quarantined properties:

For option descriptions, click ? or Help on each tab.


  1. Refer to the section, Accessing the policy configuration interface to display the Quarantined configuration page.
  2. From the Quarantined page, accept the default quarantine directory, or select a different directory.
  3. To configure the days quarantined items are saved, click Automatically delete quarantined data after the specified number of days and type the Number of days to keep backed-up data in the quarantine directory.
To access the quarantined items.
  1. From the VirusScan Console Task list, click Quarantine Manager Policy and the Quarantine Manager Policy dialog box appears.
  2. Click the Manager tab, and right-click an item to access the following advanced options:
    • Restore.

    • Rescan.

    • Delete.

    • Check for false positive.

    • View detection properties.

  3. A dialog box appears and describes the affect of your attempt.

From the ePolicy Orchestrator console, use the Restore from Quarantine client task to restore quarantined items.