
Chapter 6: Using the Quarantine Database

 

Applies to: Forefront Security for Office Communications Server

Topic Last Modified: 2009-02-04

By default, Forefront Security for Office Communications Server creates a copy of every detected attachment before the scan engines take the actions you specify. The Quarantine database is activated by default, but you can determine whether or not items will be quarantined for specific scan jobs or filters. Any files that are quarantined are encrypted and stored in the Quarantine database.

It’s worth noting that although quarantining files enables you to retrieve those that have been incorrectly tagged, there is overhead involved in doing this, particularly if many files are caught. Ideally, you want to quarantine files, but you may decide that the more effective course is simply to delete them.

Note:
For more information about quarantines and maintaining the quarantine database, refer to the Reporting and statistics section in the Forefront Security for Office Communications Server User Guide.


The Quarantine tables store the following information for each quarantined file.

 

| Field | Description |
|---|---|
| Date | Date the file was quarantined. |
| File | Name of the attachment or message that was quarantined. |
| Incident | Type of incident that triggered the quarantine (such as a virus or filter match). |
| Sender Address | The e-mail address of the person who sent the infected or filtered message. |
| Recipient Addresses | The e-mail addresses of the recipients of the infected or filtered message. |

To view quarantined items:
  1. Under REPORT, click Quarantine.

  2. Scroll right to see all the data for each incident.

  • In the Quarantine work pane, click a column heading (Date, File, and so on) to sort data based on that column.
    Forefront Security for Office Communications Server automatically sorts the data.

A filter affects only what you view on the screen; it does not modify the contents of the database.

To filter quarantined items:
  1. In the Quarantine work pane, check the Filtering box.

  2. Select a Field from the list.

    For example, you could show only incidents for a specific sender.

  3. Select a value for Field from the list.

  4. Click Save to apply the filter.

    Note:
    To remove the filter and restore the full list of quarantined items, clear the Filtering box, and then click Save.

You can export Quarantine data to a formatted text file or a delimited text file (for use in a spreadsheet). If you’re using a filter on quarantined data, Forefront Security for Office Communications Server exports only the data set you have filtered.

To export quarantine items to a file:
  1. In the Quarantine work pane, click Export.

  2. In the Save box, select a destination and select either the Formatted Text or Delimited Text format.

  3. Click Save.

The Quarantine database can grow very large, which can affect performance. To manage its size, you can specify a number of days; Forefront Security for Office Communications Server then purges from the database all records older than that number of days.

To manage the size of the Quarantine database:
  1. In the Quarantine work pane, check the Purge box.

  2. Choose how many days you want to keep quarantined data.

  3. Click Save for the new setting to take effect.

    When the time comes for Forefront Security for Office Communications Server to clear the Quarantine database, you will be asked to confirm the deletion. If the Quarantine is very large, the deletion process can take a long time.

    Note:
    To stop clearing the database, clear the Purge box, and click Save.
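
As an added example (not part of the original guide or the product), the following Python script reads a Delimited Text export and previews which records a given Purge setting would remove, along with the most frequent senders. The tab delimiter, header row, date format, the fixed NOW date and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export. Tab delimiter, header names and date format are
# assumptions; adjust them to match the file the Export button produces.
SAMPLE_EXPORT = (
    "Date\tFile\tIncident\tSender Address\tRecipient Addresses\n"
    "2008-12-20 08:15:00\treport.doc\tVirus\talice@example.com\tbob@example.com\n"
    "2009-01-10 14:02:00\tsetup.exe\tFilter\talice@example.com\tcarol@example.com\n"
    "2009-01-30 11:45:00\tphoto.scr\tVirus\tmallory@example.net\tbob@example.com\n"
    "2009-02-02 16:30:00\tnotes.zip\tVirus\tAlice@Example.com\tbob@example.com\n"
    "not-a-date\ttool.exe\tFilter\teve@example.net\tbob@example.com\n"
)
NOW = datetime(2009, 2, 4)  # fixed "today" so the sample output is reproducible


def load_records(text, delimiter="\t", date_format="%Y-%m-%d %H:%M:%S"):
    """Parse the export; return (records, skipped) where skipped counts bad rows."""
    records, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        try:
            row["Date"] = datetime.strptime((row.get("Date") or "").strip(), date_format)
        except ValueError:
            skipped += 1  # malformed or truncated line: count it, do not guess
            continue
        records.append(row)
    return records, skipped


def purge_preview(records, keep_days, now=NOW):
    """Split records into (kept, purged) for a retention of keep_days."""
    cutoff = now - timedelta(days=keep_days)
    kept = [r for r in records if r["Date"] >= cutoff]
    purged = [r for r in records if r["Date"] < cutoff]
    return kept, purged


def top_senders(records, n=3):
    """Most frequent sender addresses, compared case-insensitively."""
    senders = ((r.get("Sender Address") or "").strip().lower() for r in records)
    return Counter(senders).most_common(n)


if __name__ == "__main__":
    records, skipped = load_records(SAMPLE_EXPORT)
    kept, purged = purge_preview(records, keep_days=30)
    print(f"parsed={len(records)} skipped={skipped} kept={len(kept)}")
    print("would be purged:", [r["File"] for r in purged])
    print("top senders:", top_senders(records))
```

Running the preview against a fresh export before checking the Purge box shows which quarantined items would no longer be retrievable at the chosen retention.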
 
© 2014 Microsoft. All rights reserved.