EPDR Quarantine

Is there a way to set EPDR to quarantine items it detects as malware/virus rather than delete?
I had some Excel files with macros that were incorrectly detected and the files were deleted.
The files have been submitted to WG support and should be good now, but I'm reluctant to install on some client systems in case some files are deleted and I cannot restore them.
Or is the way to do this to install in Audit mode, run scans, and then put it in Hardening mode if clear?

Comments

  • Mcorral WatchGuard Representative

    Hi Gav,

    I regret to inform you that the actions that the antivirus performs on the files are not configurable from the console. I imagine that what happened to you was a specific problem that has already been solved.

    In the case that it had been the advanced protection that made that incorrect detection, by configuring it in Audit mode you would prevent those files from being deleted, and you could then set it to Hardening or Lock mode.

    Regards,

  • Mcorral WatchGuard Representative
    edited May 2023

    Hi again Gav,

    After reviewing the query again, even if the antivirus tells you that the file has been deleted, a copy of the file is always sent to quarantine, so you should be able to click on the detection and from there select "Restore and Don't detect again" (sorry, the screenshot is in Spanish).

    Regards,

  • OK, perfect, thanks. I did a test with EICAR and it works as per above :-)

  • Mcorral WatchGuard Representative

    Hi Gav,

    Perfect!! Thanks for the feedback!

    Regards,
