Quarantine Files
This scenario shows you how to quarantine a known malicious application.
Scenario
...
description
Copy and rename cmd.exe: "C:\Virus\malicious application.exe".
Scenario
...
resolution
...
- On the managed computer, create the Microsoft Word document
...
- C:\document\important document.doc.
...
- Once you are in Arellia select the
...
- Policies tab.
...
- Select Application Control >
...
4. In the right pane, click ? and select Quarantine an application policy.
5. In Step 1 of the Application Control Wizard, click Next.
6. In Step 2, click the Include link.
...
- Policies.
- Right-click Policies and select New > Quarantine Application.
- Click the Include link and in the Select Items dialog box, select Dynamically Evaluated Filters > Win32 Executable File Filter and click OK.
...
- In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
...
- Name - Quarantine Malicious Applications.
...
- File Name - Malicious application.exe
...
- .
- Click OK and close the dialog.
...
- In the Items Selector dialog,
...
- select New Win32 Executable Filter, and click
...
- OK.
...
- Configure the policy
...
- as follows
...
- :
- Enable the policy using the On/Off toggle.
- Name - Quarantine Malicious Applications.
...
- Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution.
...
- Save changes to the policy.
- Run malicious application.exe on the managed computer.
...
- A message appears and the file is moved to C:\quarantined files.