Quarantine Files

This scenario shows you how to quarantine a known malicious application.

Scenario description

Copy and rename cmd.exe: "C:\Virus\malicious application.exe".

Scenario resolution

• On the managed computer, create the Microsoft Word document C:\document\important document.doc.
• In the Symantec Management Console, on the Home menu, click Arellia > Application Control
• In the left pane, select Policies > Application Control > Application Control Policies
• Right-click Application Control Policies and select New > Quarantine Application

• Click the Include link and in the Items Selector dialog, select Dynamically Evaluated Filters > Win32 Executable File Filter and click OK.
• In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
  • Name - Quarantine Malicious Applications
  • File Name - Malicious application.exe
  • Click OK and close the dialog.
• In the Items Selector dialog, select New Win32 Executable Filter, and click OK.
• Configure the policy as follows:
  • Enable the policy using the On/Off toggle.
  • Name - Quarantine Malicious Applications.
  • Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution.
  • Save changes to the policy.
• Run malicious application.exe on the managed computer.
• A message appears and the file is moved to C:\quarantined files.