Chapter 7: Using the Quarantine Database
Applies to: Forefront Security for SharePoint
By default, Forefront Security for SharePoint creates a copy of every detected file before the scan engine cleans, deletes, blocks, or skips it. The Quarantine is activated by default but you can determine whether or not items will be quarantined for specific scan jobs or filters. Any files that are quarantined are encrypted and then stored in the Quarantine database.
It’s worth noting that, although quarantining files enables you to retrieve those that have been incorrectly tagged, there is overhead involved in doing this, particularly if many files are caught. Ideally, you want to quarantine files, but you may decide that the more effective course is simply to delete them.
Note
The Quarantine database tables store information for each quarantined file. For more information about this and quarantines in general, refer to “SharePoint Reporting and Statistics” in the Forefront Security for SharePoint User Guide.
In this chapter
Using the Quarantine
To view quarantined items
To sort quarantined items
To filter quarantined items
To export quarantined items to a file
To manage the size of the Quarantine database
Using the Quarantine
The Quarantine tables store the following information for each quarantined file.
Field | Description |
---|---|
Date |
Date and time the file was quarantined. |
File |
Name of the file that was quarantined. |
Incident |
Type of incident that triggered the quarantine: Virus or File Filter. Each is followed by either the name of the virus detected or the name of the filter that triggered the event. |
Author Name |
Name of the author of the quarantined document. |
Author's E-Mail |
E-mail address of the quarantined document’s author. |
Last Modified By |
Name of the last user to modify the quarantined document.` |
Modified User E-Mail |
E-mail address of the last user to modify the quarantined document. |
To view quarantined items
- Under REPORT, click Quarantine.
To sort quarantined items
- In the Quarantine work pane, click a column heading (Time, Name, and so on) to sort data based on that column.
- Click Save to have your settings take effect.
To filter quarantined items
A filter only affects what you view on the screen; it does not modify the contents of the database.
- In the Quarantine work pane, check the Filtering box.
- Select a value for Field from the list, and choose the filter criteria to the right.
- Click Save to apply each filter.
Note
To remove the filter and restore the full list of quarantined items, clear the Filtering box, and then click Save.
To export quarantined items to a file
You can export Quarantine data to a formatted text file or a delimited text file (for use in a spreadsheet). If you’re using a filter on quarantined data, Forefront Security for SharePoint exports only the data set you have filtered.
- In the Quarantine work pane, click Export.
- In the Save box, select a destination and select either the Formatted Text or Delimited Text format.
- Click Save.
To manage the size of the Quarantine database
The Quarantine database can grow very large, which can affect performance. To manage its size, you can specify a number of days after which Forefront Security for SharePoint then purges all records from the database older than the number of days you have specified. You can set a separate value for each database.
- In the Quarantine work pane, check the Purge box.
- Choose how many days you want to keep quarantined data.
- Click Save for the new setting to take effect.
When the time comes for Forefront Security for SharePoint to purge the Quarantine database, you will be asked to confirm the deletion.
Note
When Forefront Security for SharePoint clears a very large Quarantine database, the deletion process can take a long time.