Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Chapter 7: Using the Quarantine Database

 

Applies to: Forefront Security for SharePoint

Topic Last Modified: 2008-02-20

By default, Forefront Security for SharePoint creates a copy of every detected file before the scan engine cleans, deletes, blocks, or skips it. The Quarantine is activated by default but you can determine whether or not items will be quarantined for specific scan jobs or filters. Any files that are quarantined are encrypted and then stored in the Quarantine database.

It’s worth noting that, although quarantining files enables you to retrieve those that have been incorrectly tagged, there is overhead involved in doing this, particularly if many files are caught. Ideally, you want to quarantine files, but you may decide that the more effective course is simply to delete them.

noteNote:
The Quarantine database tables store information for each quarantined file. For more information about this and quarantines in general, refer to “SharePoint Reporting and Statistics” in the Forefront Security for SharePoint User Guide.

In this chapter

Using the Quarantine

To view quarantined items

To sort quarantined items

To filter quarantined items

To export quarantined items to a file

To manage the size of the Quarantine database

The Quarantine tables store the following information for each quarantined file.

 

Field Description

Date

Date and time the file was quarantined.

File

Name of the file that was quarantined.

Incident

Type of incident that triggered the quarantine: Virus or File Filter. Each is followed by either the name of the virus detected or the name of the filter that triggered the event.

Author Name 

Name of the author of the quarantined document.

Author's E-Mail

E-mail address of the quarantined document’s author.

Last Modified By

Name of the last user to modify the quarantined document.`

Modified User E-Mail

E-mail address of the last user to modify the quarantined document.

  • Under REPORT, click Quarantine.
    1ee23ced-829a-45b4-a9a2-408c39a9cfe2
  1. In the Quarantine work pane, click a column heading (Time, Name, and so on) to sort data based on that column.
  2. Click Save to have your settings take effect.

A filter only affects what you view on the screen; it does not modify the contents of the database.

  1. In the Quarantine work pane, check the Filtering box.
    820fa8b8-78e7-4c58-a8bf-daa1cda1d871
  2. Select a value for Field from the list, and choose the filter criteria to the right.
  3. Click Save to apply each filter.
noteNote:
To remove the filter and restore the full list of quarantined items, clear the Filtering box, and then click Save.

You can export Quarantine data to a formatted text file or a delimited text file (for use in a spreadsheet). If you’re using a filter on quarantined data, Forefront Security for SharePoint exports only the data set you have filtered.

  1. In the Quarantine work pane, click Export.
  2. In the Save box, select a destination and select either the Formatted Text or Delimited Text format.
  3. Click Save.

The Quarantine database can grow very large, which can affect performance. To manage its size, you can specify a number of days after which Forefront Security for SharePoint then purges all records from the database older than the number of days you have specified. You can set a separate value for each database.

  1. In the Quarantine work pane, check the Purge box.
  2. Choose how many days you want to keep quarantined data.
  3. Click Save for the new setting to take effect.
    When the time comes for Forefront Security for SharePoint to purge the Quarantine database, you will be asked to confirm the deletion.
noteNote:
When Forefront Security for SharePoint clears a very large Quarantine database, the deletion process can take a long time.
 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.