Quarantine Management

 

Applies to: Forefront Server Security Management Console

The Quarantine Manager imports Quarantine data from managed Forefront Security servers for local analysis and management.

Retrieving Quarantined Data

You can use FSSMC to retrieve quarantine data from all managed servers. When you have retrieved the records, you can examine them, delete them, or forward them. (For more information, see Deleting and Forwarding Quarantine Manager Entries.)

To retrieve and manage Quarantine data

  1. Click Quarantine Manager in the Job Management section of the Navigation Area. The Quarantine Manager work pane appears.

    Note

    No data will be displayed until it has been imported.

  2. Click Import Data. The Retrieve Data work pane appears.

  3. Select the servers or server groups from which to retrieve Quarantine data.

  4. Select the start date for data retrieval in the Start Date For Information Retrieval field. Either type a date or click the calendar icon and select a date from the calendar. All data, from the start date until today, will be retrieved. (To limit the data displayed, see Filtering Quarantined Data.)

  5. Click Retrieve Data to run the job. The data will be retrieved and displayed in the Quarantine Manager work pane.

  6. If there are more records than fit into the work pane, use Go to navigate through the pages of data. The left and right arrows display the previous and next pages, respectively, or you can use the Go list to navigate to a specific page.

Filtering Quarantined Data

After the data has been imported to the local Forefront Server Security Management Console computer, you can use filters to narrow the scope of what is displayed. If the filter selections do not appear, click View Filter. To hide them, click Hide Filter.

Each filter corresponds to a field in the Quarantine data. Enter a value into one of the filters, and then click Apply. Only those records matching the filter will continue to appear (although all the others are still present). A filter is matched if the value you enter is anywhere in the selected field. Click Reset to see all the records again and clear the values in the filter fields.

You can filter using multiple criteria by entering values in more than one field and using the And (default) and Or options. (All the selected filters will be connected by the And or Or you select.)

Sort the results by selecting a column name in the Sort field. Select whether the data should be displayed in Ascending (default) or Descending order. Sorting is automatic. After a choice is made, you do not need to click Apply to sort the data.

For example, if you want to see how many .exe files were quarantined, enter exe into the File filter and click Apply.
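The matching rule described above, modelled as an added example (this is not product code and does not call FSSMC): because a filter matches anywhere in the field, entering exe also returns files that merely contain those letters. The records are constructed, the "Server" field name is hypothetical, and case handling and the treatment of empty filter fields are assumptions, since the page does not state them.

```python
# Added illustration of the filter semantics; not FSSMC code.
# Constructed sample records. "File" is the filter named on the page;
# "Server" is a hypothetical second field used to show And/Or.
RECORDS = [
    {"File": "invoice.exe", "Server": "EXCH01"},
    {"File": "executive_summary.pdf", "Server": "EXCH01"},
    {"File": "setup.exe.txt", "Server": "EXCH02"},
    {"File": "report.doc", "Server": "EXCH02"},
]


def apply_filters(records, filters, mode="And"):
    """Return the records that stay visible after clicking Apply.

    filters maps a field name to the value typed into that filter. A filter
    matches when the value occurs anywhere in the field. All filters are
    joined by the single And (default) or Or option.
    Assumptions: comparison is done as typed (case handling is not stated
    on the page) and an empty filter field is ignored.
    """
    active = {field: value for field, value in filters.items() if value}
    if not active:
        return list(records)  # same view as after Reset
    combine = all if mode == "And" else any
    return [
        rec for rec in records
        if combine(value in rec.get(field, "") for field, value in active.items())
    ]


def sort_records(records, column, descending=False):
    """Sort by one column, Ascending by default."""
    return sorted(records, key=lambda rec: rec.get(column, ""), reverse=descending)


def ends_with_extension(records, ext):
    """Stricter check than the console filter: the name must end with ext."""
    return [rec for rec in records if rec["File"].lower().endswith(ext.lower())]


if __name__ == "__main__":
    shown = apply_filters(RECORDS, {"File": "exe"})
    print("Filter 'exe' shows:", [r["File"] for r in shown])
    print("Actually .exe:", [r["File"] for r in ends_with_extension(shown, ".exe")])
```

When counting quarantined executables from a filtered view, check the File column of the matches rather than relying on the record count alone.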

Deleting and Forwarding Quarantine Manager Entries

Individual entries in the Quarantine Manager can be deleted or forwarded (released) by means of the Del and Fwd actions, respectively.

Del

Permanently deletes the record from the Quarantine database on the remote Forefront Security server (as well as from the Quarantine Manager list). Click Del in the Action column next to any item in the list. The Quarantine Action work pane appears, displaying a summary of the item to be deleted. Click Confirm to delete the item.

Fwd

Allows the administrator to deliver a Quarantined message to selected recipients. Forwarded messages will be re-scanned for viruses. Click Fwd in the Action column next to any item in the list. The Quarantine Action work pane appears, displaying a summary of the item to be released. The To, cc, and bcc fields contain the addresses of the original recipients. Below each is an entry field into which that data has been copied. You can use those fields to enter different addresses that will override the original ones. Click Confirm to forward the item.

If you select either action, you will be asked for confirmation.