How to unquarantine files from ES MGR

newbie9090 Lv2Posted 02 Jun 2022 15:40

Hi guys,

1.How do we un quanrantine or restore files from the endpoint secure manager after we did an action "fixed" ?

Below is screenshot from admin logs that show quarantine files.

Mei Ying has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go


After performing "fixed" action, you can view the "fixed" security event by going to Response > Threat Response > Security Events > Fixed. Select the security event you wish to restore or unquarantine, then click "Restore", so it will restore to the file location.

FYI, Sangfor ES will quarantine malicious events, but will not automatically delete the files (including malware, virus, etc), until user selects a security event and click "Delete".
Is this answer helpful?
rivsy Lv5Posted 14 Jun 2022 15:45
  
To repair it click the security event, then on the security events tab click the quarantine file and click "repair" and wait until status is complete
Please see below picture for diagram

mgr1.png (122.23 KB, Downloads: 728)

mgr1.png

mgr2.png (126.85 KB, Downloads: 723)

mgr2.png
jetjetd Lv5Posted 14 Jun 2022 19:03
  
It will be deleted once you click to fix it since it is an activator and the appliance will threat it as malware.
regidorreyes Lv5Posted 16 Jun 2022 15:08
  
Viruses, Malwares like the activator will be deleted instantly and will not be quarantined so you have no option to unquarantine it. That is the behavior of Sangfor ES and only the not so malicious will be quarantined.

In order to  repair it,  go to the security event tab, then  click the quarantine file and click "repair" then wait a few minutes to complete
Faisal P Posted 16 Jun 2022 15:16
  
You can configure traffic profiles and traffic rules in traffic policy view. A traffic profile specifies the guaranteed bandwidth and maximum bandwidth.
Mei Ying Lv1Posted 28 Jun 2022 18:52
  

After performing "fixed" action, you can view the "fixed" security event by going to Response > Threat Response > Security Events > Fixed. Select the security event you wish to restore or unquarantine, then click "Restore", so it will restore to the file location.

FYI, Sangfor ES will quarantine malicious events, but will not automatically delete the files (including malware, virus, etc), until user selects a security event and click "Delete".

I Can Help:

Change

Moderator on This Board

3
14
3

Started Topics

Followers

Follow

43
2
2

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

7
11
4

Started Topics

Followers

Follow

18
8
0

Started Topics

Followers

Follow

Trending Topics

Board Leaders