When the Messaging Security Agent detects a threat, spam, restricted attachment and/or restricted content in email messages, the agent can move the message to a quarantine folder. This process acts as an alternative to message/attachment deletion and prevents users from opening the infected message and spreading the threat.
The default quarantine folder on the Message Security Agent is:
<Messaging Security Agent installation folder>\storage\quarantine
Quarantined files are encrypted for added security. To open an encrypted file, use the Restore Encrypted Virus and Spyware (VSEncode.exe) tool. See Restoring Encrypted Files.
Administrators can query the quarantine database to gather information about quarantined messages.
Use Quarantine to:
Eliminate the chance of important messages being permanently deleted, if they are erroneously detected by aggressive filters
Review messages that trigger content filters to determine the severity of the policy infraction
Maintain evidence of an employee’s possible misuse of the company’s messaging system
Do not confuse the quarantine folder with the end user’s spam folder. The quarantine folder is a file-based folder. Whenever a Messaging Security Agent quarantines an email message, it sends the message to the quarantine folder. The end user’s spam folder is located in the Information Store for each user's mailbox. The end user’s spam folder only receives email messages resulting from an anti-spam quarantine to a user's spam folder and not quarantine actions as the result of content filtering, antivirus/anti-spyware, or attachment blocking policies.