Viewing and Managing the SharePoint Quarantine

Viewing the SharePoint Quarantine

Open the SharePoint quarantine by clicking SharePoint, located in the Navigation Area under Quarantine Management. From the SharePoint pane you can retrieve, view, and filter your SharePoint quarantine data.

To retrieve the quarantine

1. Click SharePoint, located under Quarantine Management in the Navigation Area, to open the SharePoint work pane.

2. Click Retrieve Quarantine.

The Quarantine View will update to include newly discovered quarantined items. The time stamp above the Quarantine View displays the last time the FPSMC retrieved the quarantined data from the managed servers.

Quarantined items are listed in the Quarantine View pane. The following information is reported for each quarantined item.

You can view additional information about each quarantined item by clicking directly on the item, which populates the Quarantine Details pane, located under the Quarantine View pane, with the details of the item. The pane adds the Record Id field, which is the unique ID assigned to the quarantined item, for example {15787C6B-9880-4A10-B133-F15599596E36}.

You can navigate through your quarantine data using the page navigation icons located below the Quarantine View. You can also choose to display 10, 25, or 50 records per page by clicking on the preferred value next to Records per page.

Sort the quarantine data by clicking on the header of the column that you wish to sort by. Clicking on the header once sorts the data by the column you selected in ascending order. Clicking the header a second time sorts the data in descending order. By default, the quarantine data is sorted in descending order by the Detection Time column.

Restoring SharePoint Quarantine Items

You can restore quarantined items to their original locations for SharePoint Server 2010 items. When doing so, you should be aware that this item is now a potentially live virus, so it is recommended that you only perform this activity for files that you believe are false positives.

To restore a quarantined item

1. Click SharePoint, located in the Navigation Area under Quarantine Management, to open the SharePoint work pane.

2. Locate the quarantined item you wish to restore and click the Restore icon located in the column to the left of Detection Item. This will open the Quarantine Action pane.

3. Click Restore.

Filtering Quarantine Data

Once you have retrieved the SharePoint quarantine data, you can use filters to narrow the scope of the data that is displayed. To filter the quarantine data click the Filter View drop-down icon to expand the filtering options. To hide the filtering options click the Filter View drop-down icon again.

Each filter corresponds to a field in the Quarantine view pane. Enter a value into one of the filters, and then click Apply. Only those records matching the filter will continue to appear (although all the others are still present). A filter is matched if the value you enter is anywhere in the selected field. Using an asterisk (*) as a wildcard is not necessary. Click Clear to see all the records again and clear the values in the filter fields.

You can filter using multiple criteria by entering values in more than one field and using the And (default) and Or options. (All of the selected filters will be connected by the And or Or you select.)

You can filter the quarantine data by any of the fields displayed in the Quarantine View. To filter by detection time input the appropriate date and time values in the fields under Quarantine Span.

You can sort the filtered results using the same procedure as sorted the unfiltered data. Click the column header of the column you wish to sort by.