Quarantine
The main function of the quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not safe or advisable to delete them, or if they are falsely detected by ESET Server Security for Linux. You can choose to quarantine any file. This is advisable if a file behaves suspiciously but is not detected by the antivirus scanner. Quarantined files can be submitted for analysis to the ESET Virus Lab.
Manage quarantined items through the Web interface
The Quarantine screen displays a list of files stored in the quarantine folder. The list displays:
• date and time of quarantine
• path to the original location of the quarantined file
• detection name (empty for manually quarantined items)
• reason for moving the file to quarantine (empty for manually quarantined items)
• number of threats (for example, if it is an archive containing multiple infiltrations)
• size and hash of quarantined item
Click the quarantined item to display the available actions:
• Restore—Restore the quarantined item to its original location
• Restore and Exclude—Restore the quarantined item to its original location and create a detection exclusion matching the path and detection name
• Copy path—Copy the original path of the file to the clipboard
• Copy hash—Copy the SHA-1 hash of the file to the clipboard
• Download—Download the quarantined item to your hard drive
• Delete from quarantine—Delete the quarantined item permanently
• Submit for analysis—Submit a copy of the quarantined item for analysis to ESET
The Restore and Exclude option is displayed only for items the detection engine evaluated as eligible for exclusion.
Path to quarantine directory: /var/opt/eset/efs/cache/quarantine/root/
To submit a quarantined file for analysis:
1. Select an item and select Submit for analysis.
2. Select an appropriate Reason for submitting the sample.
   • Suspicious file: A file that cannot be cleaned during a scan or has unusual characteristics
   • False positive file: A file falsely identified as malware
   • Other
3. Enter your email address or select Send anonymously.
4. Click Next.
5. Provide any additional information.
6. Click Send.
Manage quarantined items via Terminal
Syntax: /opt/eset/efs/bin/quar [OPTIONS]
| Options - short form | Options - long form | Description |
|---|---|---|
| -i | --import | Import file to quarantine |
| -l | --list | Display list of files in quarantine |
| -r | --restore=id | Restore quarantined item identified by id to path defined by --restore-path |
| -e | --restore-exclude=id | Restore quarantined item identified by id and marked by 'x' in the excludable column |
| -d | --delete=id | Delete quarantined item identified by id |
| -f | --follow | Wait for new items and append them to the output |
| | --restore-path=path | New path to restore a quarantined item to |
| -h | --help | Show help |
| -v | --version | Show version information and quit |
Restore is not available if the command is not executed as a privileged user.
Example
Delete a quarantined item with id "0123456789":
/opt/eset/efs/bin/quar -d 0123456789
or
/opt/eset/efs/bin/quar --delete=0123456789
Restore a quarantined item with id "9876543210" to the Download folder of the logged in user and rename it to restoredFile.test:
/opt/eset/efs/bin/quar -r 9876543210 --restore-path=/home/$USER/Download/restoredFile.test
or
/opt/eset/efs/bin/quar --restore=9876543210 --restore-path=/home/$USER/Download/restoredFile.test
Restore a quarantined item with id "9876543210" which is marked "x" in the excludable column to the Download folder:
/opt/eset/efs/bin/quar -e 9876543210 --restore-path=/home/$USER/Download/restoredFile.test
or
/opt/eset/efs/bin/quar --restore-exclude=9876543210 --restore-path=/home/$USER/Download/restoredFile.test
Restore file from quarantine via Terminal
1. List quarantined items.
/opt/eset/efs/bin/quar -l
2. Look up the ID and name of the quarantined object you want to restore and run the following command:
/opt/eset/efs/bin/quar --restore=ID_OF_OBJECT_TO_RESTORE --restore-path=/final/path/of/restored/file
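
The restore step above, wrapped so that a restored detection never overwrites an existing file, loses its execute bits, and is checked against the SHA-1 taken from Copy hash. This is an added example, not ESET code. It assumes the hypothetical function name `restore_verified` and `QUAR` override variable, that `quar` exits non-zero on failure, and that the listed hash is the SHA-1 of the original file content.

```shell
#!/bin/sh
# Added example (not ESET code). restore_verified and QUAR are hypothetical names.
QUAR="${QUAR:-/opt/eset/efs/bin/quar}"   # override to point at a stub when testing

# restore_verified ID DEST EXPECTED_SHA1
# Returns: 0 ok, 1 bad hash argument, 2 DEST already exists,
#          3 restore produced no file, 4 SHA-1 mismatch.
restore_verified() {
    item=$1
    dest=$2
    # Normalise the hash pasted from "Copy hash" to lower case.
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    if ! printf '%s' "$want" | grep -Eq '^[0-9a-f]{40}$'; then
        echo "expected a 40-digit hex SHA-1" >&2
        return 1
    fi

    # Never let a restored detection overwrite a file that is already in place.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 2
    fi

    # Assumption: quar exits non-zero on failure; the -f test covers the case
    # where it does not.
    "$QUAR" --restore="$item" --restore-path="$dest" || return 3
    [ -f "$dest" ] || return 3

    # Strip execute bits so the restored sample cannot be launched by accident.
    chmod a-x "$dest"

    # Assumption: the listed hash is the SHA-1 of the original file content.
    got=$(sha1sum "$dest" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "SHA-1 mismatch for item $item: got $got" >&2
        return 4
    fi
    echo "restored item $item to $dest (SHA-1 verified)"
}
```

Run it as a privileged user, since restore is not available otherwise, and pass a restore path inside a directory that only the analyst account can read.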