Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Quarantine Files

This scenario shows you how to quarantine a known malicious application.

Scenario Description

Copy and rename cmd.exe: "C:\Virus\malicious application.exe".

Scenario Resolution
  • On the managed computer, create the Microsoft Word document C:\document\important document.doc
  • Go to Arellia Security Manager and click on the Policies tab
  • Select Policies > Arellia > Application Control > Windows > Application Control Tasks > Application Control Policies
  • Right-click Application Control Policies and select New > Quarantine Application

  • Click the Include link and in the Select Items dialog box, select Dynamically Evaluated Filters > Win32 Executable File Filter and click OK.
  • In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
    • Name - Quarantine Malicious Applications
    • File Name - Malicious application.exe
    • Click OK and close the dialog.
  • In the Items Selector dialog, select New Win32 Executable Filter, and click OK.
  • Configure the policy as follows:
    • Enable the policy using the On/Off toggle.
    • Name - Quarantine Malicious Applications.
    • Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution.
    • Save changes to the policy.
  • Run malicious application.exe on the managed computer.
  • A message appears and the file is moved to C:\quarantined files.
  • No labels