Quarantine a Malicious File
On the Microsoft OneDrive, SharePoint Online, Box, Dropbox, ServiceNow, or Google Drive, when a malicious file presents a potential risk and needs remediation, you can manually quarantine the file. Only the integration user for the platform will have access to the quarantined files.
- Click the Action Menu to the right of the file that needs to be quarantined, then select
Quarantine.
- A modal appears to verify if this is the file to be quarantined. Click Quarantine.
The status will update in the report to Quarantine in Progress while the quarantine
is processing. This process can take up to five minutes; when complete, the status will
update to Quarantined.
-
For Microsoft OneDrive, SharePoint Online, Box, Dropbox, or Google Drive:
- The file identified as exposing sensitive data is moved to the Cisco_Quarantine/DLP folder Secure Access created in the root path of the Global Admin who authorized the tenant.
- The user who authorizes access to Secure Access will have access to the quarantine folder. All other accesses and collaborators are removed. Thus, we recommend that the admin add the relevant DLP Admins as additional collaborators to the folder.
-
For ServiceNow:
- The file identified as exposing sensitive data is moved to a table named Cisco_Quarantine_Malware which can be access only by the admin user who authorized the ServiceNow tenant.
- A footprint is attached to the notes\activities area of the table the file is attached to. This footprint will notify users that the file has been identified as malware, and for more information they should contact their administrator.
- Quarantine attempts may fail if the files have been locked or blocked by settings within their native platforms. Settings local to the platform where a file resides take precedence over Secure Access' ability to detect or remediate DLP violations or malware.
-
For Microsoft OneDrive, SharePoint Online, Box, Dropbox, or Google Drive:
