Contributor

Deleting a quarantined file


What's the best way to remotely delete files that have been quarantined?

In R80.20 SmartEndpoint UI there is a restore file option but no delete file option.

[Image: DeleteFileMissing.jpg]

The above image shows options for Anti-Malware blade but there can be quarantined files from other blades like Threat Emulation. Where would we be able to remotely delete these quarantined files?

I understand restoring files can be done from the client machine, but we wouldn't always have access, especially for those devices within a different time zone to us. Remote management is also more suitable as it's less disruption to the user's workday.

Admin
I don't believe we have the ability to remotely delete files.
I'm assuming you're referring to files in quarantine here, correct?
Contributor

Hey PhoneBoy, thanks for your reply.

Yes, files in quarantine. I'm guessing that, irrespective of the blade that quarantined the files, they are stored locally on the host in C:\ProgramData\CheckPoint\Endpoint Security\Remediation\Quarantine?

Is there a setting to automatically remove quarantined files after a specific date?

 

Admin

That looks correct.
In the Default File Quarantine Settings, files are kept in quarantine for 90 days and users can permanently delete items from quarantine.
You can further configure this.

Also, there does appear to be a utility (referred to as "SandBlast Agent Quarantine Manager for Administrators") that will allow remote deletion.
Search SupportCenter and download the relevant version:

[Image: Screen Shot 2020-06-10 at 7.04.42 PM.png]

Contributor
The Default File Quarantine Settings is part of the Forensics Blade. Am I right to assume that it doesn't affect files quarantined by other blades, like Anti-Malware for example?

We have used "SandBlast Agent Quarantine Manager for Administrators" and this can manually delete files from %ProgramData%\CheckPoint\Endpoint Security\Remediation\Quarantine. I take it this has to be used from the host machine?
Many thanks for your reply, PhoneBoy.
Admin (accepted solution)
I assume it's the same quarantine used for both.
The SBA Quarantine Manager for Administrators can theoretically run on any machine and an admin can remove files from quarantine for other machines.
A user can also potentially run it for themselves as well.
