Quarantine and how to?


Hi everybody,

 

Due to a corporate policy, we have to verify the files detected and quarantined, mainly using VirusTotal for that. The clients are installed silently, without any indication available to the users that there is additional security software running. Apparently, the files are quarantined locally on the client, and in the client GUI (on my own machine) I can see the path where to look for the file, but how do I do that for all the other clients?

 

Wouldn't a centralized quarantine on the management server be much more appropriate for a business product?

 

Do you have a workaround for that?

 

Cheers,

 

lazzo


  • Staff

Hey Iazzo,

 

Just to confirm, are you trying to upload the quarantined file to VirusTotal or just using the quarantine tab on the clients to find the infection location? If you are just looking for the file paths for our detection, you can see that in the client pane on the management console. You can click on any client and, in the security view area, you can see the exact file path for the detected file.

 

Also, since the quarantined files are encrypted in our C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine directory, you would need to remove the item from quarantine to run them through VirusTotal as well.

 

Thank you,

 

Ron S


Hi Ron,

 

To avoid any confusion, you need to go to the client itself to perform this task? There is no option to set up a centralized storage space for quarantined files, from which you could extract them to be reviewed by VirusTotal?

 

With several hundred clients around, that does not seem to be really suitable. Are you going to change that anytime soon?

 

Kind regards,

 

lazzo


  • Staff

Hey Iazzo,

 

That is correct. There is no way in the program to have all of the quarantined files centralized on the server or another external location. I am not sure of any plans on changing this currently, but I can submit this as a feature request/enhancement to our PM team to show that there is interest in this type of system.

Thank you,

 

Ron S
