If the action for an infected file is "Quarantine", the Security Agent encrypts the file and temporarily moves it to a quarantine folder located in:
<Security Agent installation folder>\quarantine for agents upgraded from version 6.x or earlier
<Security Agent installation folder>\SUSPECT\Backup for newly installed agents and those upgraded from version 7.x or later
The Security Agent sends the infected file to a central quarantine directory, which you can configure from the web console, in
.Default Central Quarantine Directory
The default central quarantine directory is located on the Security Server. The directory is in URL format and contains the Security Server’s host name or IP address, such as http://server. The equivalent absolute path is <Security Server installation folder>\PCCSRV\Virus.
If the server is managing both IPv4 and IPv6 agents, use the host name so that all agents can send quarantined files to the server.
If the server only has or is identified by its IPv4 address, only pure IPv4 and dual-stack agents can send quarantined files to the server.
If the server only has or is identified by its IPv6 address, only pure IPv6 and dual-stack agents can send quarantined files to the server.
Alternative Central Quarantine Directory
You can specify an alternative central quarantine directory by typing the location in URL, UNC path, or absolute file path format. Security Agents should be able to connect to this directory. For example, the directory should have an IPv6 address if it will receive quarantined files from dual-stack and pure IPv6 agents. Trend Micro recommends designating a dual-stack directory, identifying the directory by its host name, and using UNC path when typing the directory.
Guidelines on Specifying the Central Quarantine Directory
Refer to the following table for guidance on when to use URL, UNC path, or absolute file path:
Quarantine Directory |
Accepted Format |
Example |
Notes |
---|---|---|---|
Default directory on the Security Server | URL |
http:// <server host name or IP> |
If you keep the default directory, configure maintenance settings for the directory, such as the size of the quarantine folder, in section. |
UNC path |
\\<server host name or IP>\ ofcscan\Virus |
||
Another directory on the Security Server |
UNC path |
\\<server host name or IP>\ D$\Quarantined Files |
If you do not want to use the default directory (for example, if it has insufficient disk space), type the UNC path to another directory. If you do this, type the equivalent absolute path in section to allow maintenance settings to take effect. |
A directory on another Security Server computer (if you have other Security Servers on the network) |
URL |
http:// <server2 host name or IP> |
Ensure that agents can connect to this directory. If you specify an incorrect directory, the agent keeps the quarantined files until a correct quarantine directory is specified. In the server's virus/malware logs, the scan result is "Unable to send the quarantined file to the designated quarantine folder". If you use UNC path, ensure that the quarantine directory folder is shared to the group "Everyone" and that you assign read and write permission to this group. |
UNC path |
\\<server2 host name or IP>\ ofcscan\Virus |
||
Another computer on the network |
UNC path |
\\<computer_ name>\temp | |
A different directory on the client |
Absolute path |
C:\temp |
Specify an absolute path if:
If the path does not exist, the Security Agent automatically creates it. |