EPDR Quarantine
Is there a way to set EPDR to quarantine items it detects as malware/virus rather than delete?
I had some excel files with macros that were incorrectly detected and the files were deleted.
The files have been submitted to WG support and should be good now, but i'm reluctant to install on some client systems in case some files are deleted and I cannot restore them.
Or is the way to do this, install in Audit mode, run scans and then put in hardening mode if clear?
0
Sign In to comment.
Comments
Hi Gav,
I regret to inform you that the actions that the antivirus performs on the files are not configurable from the console. I imagine that what happened to you was a specific problem that has already been solved.
In the case that it had been the advanced protection that made that incorrect detection, by configuring it in Audit mode you would prevent those files from being deleted and then you could then set in Hardening or Lock mode.
Regards,
Hi again Gav,
After reviewing the query again, even if the antivirus tells you that the file has been deleted, a copy of the file is always sent to quarantine, so you should be able to click on detection and from there select the Restore and Don't t detect again (sorry the screenshot is in Spanish)
Regards,
Ok perfect thanks, I did a test with Eicar and works as per above :-)
Hi Gav,
Perfect !! Thanks for the feedback !
Regards,