Chapter 3 Retrieving and Filtering Quarantined Data

  • Article

 

Applies to: Forefront Server Security Management Console

You can use Forefront Server Security Management Console (FSSMC) to retrieve quarantined data from all managed servers for local analysis and management. For instance, you may want to find a server that received mail for a particular recipient. Rather than looking through SMTP logs, you can use the Forefront Quarantine Manager to pull data from all your servers and then filter the data to find the e-mail message for the recipient in question.

When you have retrieved records, you can filter, delete, or forward them. (For more information, see “Deleting and Forwarding Quarantine Manager Entries” in the Microsoft Forefront Server Security Management Console User Guide.)

In this chapter

Retrieving quarantined data

Filtering quarantined data

Display and hide filter fields

Filter quarantined data

Sort the filtered records

Restore the list of all records

Retrieving quarantined data

To retrieve quarantined data

  1. Under Job Management at screen left, click Quarantine Manager.

    Note

    No data can be displayed until it has been imported.

  2. In the Quarantine Manager work pane, click Retrieve Data.

  3. In the Retrieve Data work pane, select the machines from which to retrieve quarantined data.

    6c2b6fd8-693f-418d-b5ab-efd669b7c213

  4. In Start date for information retrieval, type a date or click the calendar icon and select a date from the calendar.

    Forefront Server Security Management Console will retrieve all data from the date you specify. (To limit the data displayed, you can filter it.)

  5. Click Retrieve Data to run the job.

    The data appears in the Quarantine Manager work pane. If there are more records than fit into the work pane, use Go to navigate through the data.

    c4cea9ce-3397-4ae1-a77c-00d519241ec1

Filtering quarantined data

Once you’ve imported the data, you can use filters to narrow the scope of what’s displayed.

Display and hide filter fields

  • If the filter selections do not appear, click View Filter.
  • To hide them, click Hide Filter.

Filter quarantined data

After you have retrieved data following the steps above, you can filter it. Each filter field corresponds to a field in the quarantined data. Please note that the filters have no effect on the data itself; they simply create a subset for you to view.

To filter quarantined data

  1. In the Quarantine Manager work pane, type a value into one of the filters.

    To use multiple filters, type values in more than one field and click And or Or. (All the filters will be connected by the connector you choose.)

    Example: If you wanted to see how many .exe files were quarantined, type exe into the File box, and click Apply.

    53090bf6-05aa-4b8d-a6dd-6c3ddef6858c

  2. To filter the data, click Apply.

    Only those records matching the filter will appear (although all the others are still present).

Sort the filtered records

To sort the filtered records

  1. In the Quarantine Manager work pane, select a column name in the Sort box—Host in our example above.

  2. To determine the order, click either Ascending or Descending.

    Sorting is automatic, so you don’t need to click Apply.

Restore the list of all records

  • Click Reset to clear the values in the filter fields.