Quarantine Management

When Endpoint Security components (such as Forensics and Anti-Ransomware, Anti-Bot, Threat Extraction, and Threat Emulation) detect malicious files, it quarantines the files automatically based on the configured policy.

All components use the same Remediation service, which performs these actions:

  • Receives the request to quarantine a file.

  • Terminates the file's process, if running.

  • Encrypts the file and stores it compressed along with metadata in a protected folder.

Note:

Starting with E89.20 (Windows), the Remediation Manager for Administrators (AdminRemediationManagerUI.exe) is no longer included. It's functionality is integrated into the Endpoint Quarantine Manager.