Quarantine files

Quarantine files

This scenario shows you how to quarantine a known malicious application.

Scenario description

Copy and rename cmd.exe: "C:\Virus\malicious application.exe".

Scenario resolution

  1. On the managed computer, create the Microsoft Word document C:\document\important document.doc.
  2. In the Altiris Console, select the Tasks tab.
  3. In the left pane, select Tasks > Security Management > Application Control >
    Windows > Application Control Tasks > Manage Applications.
  4. In the right pane, click and select Quarantine an application policy.
  5. In Step 1 of the Application Control Wizard, click Next.
  6. In Step 2, click the Include link.
  7. In the Items Selector dialog, click , and select Dynamically Evaluated Filters > Win32 Executable File Filter.
  8. In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
    • Name - Quarantine Malicious Applications
    • File Name - Malicious application.exe
  9. Click Apply and close the dialog.
  10. In the Items Selector dialog, click , select the newWin32 Executable File Filter, and click Apply.
  11. In Step 3, Enable the policy, configure the policy as follows, and click Apply:
    • Name - Quarantine Malicious Applications.
    • Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution.
  12. Run malicious application.exe on the managed computer.
  13. A message appears and the file is moved to C:\quarantined files.