Restore File On Device - Not sure this is working correctly

When you choose a quarantined item to be restored, it gives a pop-up saying file successfully restored but then remains in the list as quarantined? Also, it would be nice to be able to add a file (or whole folder file resides in too) into whatever whitelist it should go into (haven’t played with profiles just yet so not sure exactly where you list exceptions to avoid these false positives just yet so excuse my ignorance). Thanks.

Hello @azon2111 ,

Two things happen when you choose the file restore. The file does get restored into its original path but then immediately gets placed back into the quarantine for the same reason it ended up there in the first place. It is considered either malicious or suspicious by the Antivirus.
In order to make sure that the file (or folder if you want) will not get put in the quarantine by the Antivirus anymore and be ignored, you can always whitelist the file’s location (add it to exceptions, as you previously mentioned).
This can be achieved by accessing the Settings > Global Variables > File Groups Variables and creating a group yourself, then including any number of paths/entries.
This group can be added afterwards to the Profile applied on the Device, more specifically in the Antivirus tab of the Profile > Exclusions > Excluded Groups > Add and choose the one you created back in Global Variables / File Groups Variables.
Now after applying these settings you can restore an item from the quarantine and it should not go back in there because you have whitelisted either the file or the file path.

Hi @azon2111

We are also going to introduce a Restore&Trust action under the Quarantine section this quarter to allow you to define an exception only for that file hash.

Ilker

Thank you for the responses. I would also suggest a trust chain option as well, say a folder with one executable that is flagged but is, say, a LoB app, that the entire folder should be trusted to ensure it is that simple, else an MSP risks having to spend lots of time building customized profiles for exemptions. There are 100’s of LoBs that MSPs must support and having to create exceptions for even half of them would be daunting, especially when newer versions don’t install into the same root folder as the previous versions. Thanks.

Hello @azon2111 ,

Thank you for your feedback. Unfortunately, creating a “trust-chain” option as you have described would very easily create a lot of security gaps because it might create ‘safe’ folders in places that can be easily accessed by malware, thereby bypassing the security that we provide.

Well, unfortunately I cannot use the security portion then because I don’t have time to create 100’s of exceptions file by file. I have too many SMBs with 5 or less staff. Thanks for the update regardless of the outcome.

Hello @azon2111 ,

The exceptions don’t need to be added file by file; you can add whole folders (paths) to the Global Variables > File Groups. This will ensure that all the files in that folder (or any sub-folder for that matter) are whitelisted.

Gotcha, thanks, still a manual process but not as painful as it appeared.