Quarantine Files
This scenario shows you how to quarantine a known malicious application.
Scenario Description
Copy and rename cmd.exe: "C:\Virus\malicious application.exe".
Scenario Resolution
- On the managed computer, create the Microsoft Word document C:\document\important document.doc.
- In the Altiris Console, select the Tasks tab.
- In the left pane, select Tasks > Security Management > Application Control >
Windows > Application Control Tasks > Manage Applications. - In the right pane, click ? and select Quarantine an application policy.
- In Step 1 of the Application Control Wizard, click Next.
- In Step 2, click the Include link.
- In the Items Selector dialog, click ? , and select Dynamically Evaluated Filters > Win32 Executable File Filter.
- In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
- Name - Quarantine Malicious Applications
- File Name - Malicious application.exe
- Click Apply and close the dialog.
- In the Items Selector dialog, click ?, select the newWin32 Executable File
Filter, and click Apply. - In Step 3, Enable the policy, configure the policy as follows, and click Apply:
- Name - Quarantine Malicious Applications.
- Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution.
- Run malicious application.exe on the managed computer.
- A message appears and the file is moved to C:\quarantined files.