Endpoint Quarantine Manager
The Endpoint Quarantine Manager lets administrators and users view and manage quarantined files.
Each quarantined item is displayed as a file, where the file name corresponds to the incident ID. Use the incident ID from logs to locate specific files.
By default, quarantined files are stored on the endpoint:
C:\ProgramData\CheckPoint\Endpoint Security\Remediation\quarantine
Best practice is to configure Copy quarantine files to a central location in the File Quarantine settings. Then you can use the Endpoint Quarantine Manager for Administrators to import all files related to an incident from one location that you can access.
The Endpoint Quarantine Manager provides additional capabilities:
-
Restore files in a protected location to test them.
-
Collect all malicious files related to an attack for research.