Quarantine Directory

Views:

If the action for an infected file is "Quarantine", the Security Agent encrypts the file and temporarily moves it to a quarantine folder located in:

<Security Agent installation folder>\quarantine for agents upgraded from version 6.x or earlier
<Security Agent installation folder>\SUSPECT\Backup for newly installed agents and those upgraded from version 7.x or later

The Security Agent sends the infected file to a central quarantine directory, which you can configure from the web console, in Devices → {Group} → Configure Policy → Quarantine.

Default Central Quarantine Directory

The default central quarantine directory is located on the Security Server. The directory is in URL format and contains the Security Server’s host name or IP address, such as http://server. The equivalent absolute path is

<Security Server installation
                     folder>\PCCSRV\Virus.

If the server is managing both IPv4 and IPv6 agents, use the host name so that all agents can send quarantined files to the server.
If the server only has or is identified by its IPv4 address, only pure IPv4 and dual-stack agents can send quarantined files to the server.
If the server only has or is identified by its IPv6 address, only pure IPv6 and dual-stack agents can send quarantined files to the server.

Alternative Central Quarantine Directory

You can specify an alternative central quarantine directory by typing the location in URL, UNC path, or absolute file path format. Security Agents should be able to connect to this directory. For example, the directory should have an IPv6 address if it will receive quarantined files from dual-stack and pure IPv6 agents. Trend Micro recommends designating a dual-stack directory, identifying the directory by its host name, and using UNC path when typing the directory.

Guidelines on Specifying the Central Quarantine Directory

Refer to the following table for guidance on when to use URL, UNC path, or absolute file path:

Quarantine Directory	Accepted Format	Example	Notes
Default directory on the Security Server	URL	`http:// <server host name or IP>`	If you keep the default directory, configure maintenance settings for the directory, such as the size of the quarantine folder, in Administration → Global Settings → System tab → Quarantine Maintenance section.
Default directory on the Security Server	UNC path	`\\<server host name or IP>\ ofcscan\Virus`
Another directory on the Security Server	UNC path	`\\<server host name or IP>\ D$\Quarantined Files`	If you do not want to use the default directory (for example, if it has insufficient disk space), type the UNC path to another directory. If you do this, type the equivalent absolute path in Administration → Global Settings → System tab → Quarantine Maintenance section to allow maintenance settings to take effect.
A directory on another Security Server computer (if you have other Security Servers on the network)	URL	`http:// <server2 host name or IP>`	Ensure that agents can connect to this directory. If you specify an incorrect directory, the agent keeps the quarantined files until a correct quarantine directory is specified. In the server's virus/malware logs, the scan result is "Unable to send the quarantined file to the designated quarantine folder". If you use UNC path, ensure that the quarantine directory folder is shared to the group "Everyone" and that you assign read and write permission to this group.
	UNC path	`\\<server2 host name or IP>\ ofcscan\Virus`
Another computer on the network	UNC path	`\\<computer_ name>\temp`
A different directory on the client	Absolute path	`C:\temp`	Specify an absolute path if: You want quarantined files to reside only in the client. You do not want agents to store the files in the default directory in the client. If the path does not exist, the Security Agent automatically creates it.

Keywords: quarantine directory