ESET Online Help

Search English
Select the topic

Quarantine

The main function of the quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not safe or advisable to delete them, or if they are falsely detected by ESET Server Security for Linux. You can choose to quarantine any file. This is advisable if a file behaves suspiciously but is not detected by the antivirus scanner. Quarantined files can be submitted for analysis to the ESET Virus Lab.

Manage quarantined items through the Web interface

The Quarantine screen displays a list of files stored in the quarantine folder. The list displays:

date and time of quarantine

path to the original location of the quarantined file

detection name (empty for manually quarantined items)

reason of moving the file to quarantine (empty for manually quarantined items)

number of threats (for example, if it is an archive containing multiple infiltrations)

size and hash of quarantined item

Click the quarantined item to display the available actions:

Restore—Restore the quarantined item to its original location

Restore and Exclude—Restore the quarantined item to its original location and create a detection exclusion matching the path and detection name

Copy path—Copy the original path of the file to the clipboard

Copy hash—Copy the SHA-1 hash of the file to the clipboard

Download—Download the quarantined item to your hard drive

Delete from quarantine—Delete the quarantined item permanently

Submit for analysis—Submit a copy of the quarantined item for analysis to ESET

The Restore and Exclude option is displayed only for items the detection engine evaluated as eligible for exclusion.

Path to quarantine directory: /var/opt/eset/efs/cache/quarantine/root/

To submit a quarantined file for analysis:

1.Select an item and select Submit for analysis.

2.Select an appropriate Reason for submitting the sample.

Suspicious file: A file that cannot be cleaned during a scan or has unusual characteristics

False positive file: A file falsely identified as malware

Other

3.Type your email address or select Send anonymously.

4.Click Next.

5.Provide any additional information.

6.Click Send.

Manage quarantined items via Terminal

Syntax: /opt/eset/efs/bin/quar [OPTIONS]

Options - short form

Options - long form

Description

-i

--import

Import file to quarantine

-l

--list

Display list of files in quarantine

-r

--restore=id

Restore quarantined item identified by id to path defined by --restore-path

-e

--restore-exclude=id

Restore quarantined item identified by id and marked by 'x' in the excludable column

-d

--delete=id

Delete quarantined item identified by id

 

--restore-path=path

New path to restore a quarantined item to

-h

--help

Show help

-v

--version

Show version information and quit


note

Restore

Restore is not available if the command is not executed as a privileged user.

Example

Delete a quarantined item with id "0123456789":

/opt/eset/efs/bin/quar -d 0123456789

or

/opt/eset/efs/bin/quar --delete=0123456789

 

Restore a quarantined item with id "9876543210" to the Download folder of the logged in user and rename it to restoredFile.test :

/opt/eset/efs/bin/quar -r 9876543210 --restore-path=/home/$USER/Download/restoredFile.test

or

/opt/eset/efs/bin/quar --restore=9876543210 --restore-path=/home/$USER/Download/restoredFile.test

 

Restore a quarantined item with id "9876543210" which is marked "x" in the excludable column to the Download folder:

/opt/eset/efs/bin/quar -e 9876543210 --restore-path=/home/$USER/Download/restoredFile.test

or

/opt/eset/efs/bin/quar --restore-exclude=9876543210 --restore-path=/home/$USER/Download/restoredFile.test

Restore file from quarantine via Terminal

1.List quarantined items.
/opt/eset/efs/bin/quar -l

2.Look up the ID and name of the quarantined object you want to restore and run the following command:
/opt/eset/efs/bin/quar --restore=ID_OF_OBJECT_TO_RESTORE --restore-path=/final/path/of/restored/file