Quarantine

Simple management of objects (emails and files) that were quarantined by ESET Cloud Office Security. Switch between Gmail, Google Drive, Exchange Online, OneDrive, Team groups and SharePoint sites using the tabs. You can see substantial information on each object.

Click the icon to open a sidebar with a summary of a specific object. For more detailed information, click the three dots icon or right-click an item and select Show details.

Navigate within the tree to see objects only for a specific tenant or group. To see all detections in every tenant and group, click All.

Inspect quarantined email messages or files and take action (Delete or Release). You can also Download Original file or Password protected archive in .zip format.

When you consider a detection not malicious (false positive), you can Release a file from Quarantine. The released file is automatically put to a whitelist based on the hash. All future occurrences of the same file for the same user will not be detected as suspicious and will not be quarantined. Automatic whitelisting is done per user. For other users, the same file is still going to be detected as suspicious and quarantined.

You can remove a file from the whitelist in the Detections list by using Remove whitelisted option.

Click the icon or right-click an item and select an action:

Action	Usage
Show details	Shows more detailed information about the quarantined email message.
Release (emails or files)	Releases email to its original recipient(s) in the form of a notification email from Quarantine with the original message as an attachment. In the case of a OneDrive item, the file will be uploaded to its original location in the user's OneDrive. When releasing a file from a Team group or SharePoint site, the file will appear back in its original location. The released file is automatically put to a whitelist based on the hash. This prevents the file from being quarantined again.
Delete	Deletes item from quarantine.
Download Original file	Download not protected file in its original form.
Download Password protected archive	Download protected archive by a password.
Submit sample	The sample submission dialog enables you to send a suspicious malware file, spam or phishing to ESET labs for analysis. You can also report False positive malware, spam or phishing. Select a Reason for submitting a sample from the currently available options in the drop-down menu. The currently available options may differ depending on the item you are submitting for analysis. If you see a Block sender option (when submitting spam), you can choose Block sender by email address, domain or IP and select your custom policy that will be modified to handle the sender blocking. If you do not have a custom policy, click Create new policy.

To make searching for a specific quarantined object easier, you can filter using multiple criteria. Click Add filter and select filter type from the drop-down menu or type a string (repeat when combining criteria):

Add filter	Usage
Occurred from	Specify a "date from" range.
Occurred to	Specify a "date to" range.
Subject	Applies to messages which contain or do not contain a specific string (or a regular expression) in the subject.
Message-ID	Filter email messages by unique Message-ID when searching for a specific message, especially in large logs with many messages or multiple delivery attempts.
From	Filter messages by a specific sender.
To	Filter messages by recipients.
Mailbox	Applies to messages located in a specific mailbox.
Scan result	Select one of the following options: Malware, Malware (detected by ESET LiveGuard Advanced), Phishing or Spam.
Team	Type the valid team name.
Object	Type a valid object name.
Site	Type a valid site name.
Drive	Filter files by Google Drive or OneDrive.
Sender	Filter messages sent by a specific sender.
Antispam reason	Filter messages by a reason as marked by the antispam engine.

The retention period for quarantined objects is 30 days. Objects older than 30 days will be removed from quarantine permanently.

˄˅