Quarantine files
This scenario shows you how to quarantine a known malicious application.
Scenario description
Copy and rename cmd.exe: "C:\Virus\malicious application.exe".
Scenario resolution
- On the managed computer, create the Microsoft Word document C:\document\important document.doc
- Once you are in Arellia select the Policies tab
- Select Application Control > Policies
- Right-click Policies and select New > Quarantine Application
- Click the Include link and in the Select Items dialog box, select Dynamically Evaluated Filters > Win32 Executable File Filter and click OK
- In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
- Name - Quarantine Malicious Applications
- File Name - Malicious application.exe
- Click OK and close the dialog
- In the Items Selector dialog, select New Win32 Executable Filter, and click OK
- Configure the policy as follows:
- Enable the policy using the On/Off toggle
- Name - Quarantine Malicious Applications
- Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution
- Save changes to the policy
- Run malicious application.exe on the managed computer
- A message appears and the file is moved to C:\quarantined files