joukiejouk
asked on
How do I change the setting in ePolicy Orchestrator 4.6 to quarantine infected files, rather than to delete them?
This is for the purpose of allowing recovery of "false positive" files. Please detail step-by-step, as I am not familiar with the product, and am new to it.
Typically, most just restore files from the McAfee VSE quarantine locally. If you have access to it, you can do it from the VirusScan Console via Quarantine Manager Policy, e.g. click the Manager tab, right-click the required item and select Restore.
However, there are instances where quarantine (.BUP) files may already have been deleted, hence the need for a means to restore a quarantined file not listed in the VSE Quarantine Manager. The steps are shared in (note the utility to download separately) https://kc.mcafee.com/corporate/index?page=content&id=KB72755
Otherwise, another means is using an ePO scheduled task; please see
https://kc.mcafee.com/corporate/index?page=content&id=KB69918
However, if the scheduled task cannot restore, do also check the workarounds, which include local (mentioned above) or escalating to McAfee on the false positive accordingly, as it is due to the installed DAT file
https://kc.mcafee.com/corporate/index?page=content&id=KB53925
ASKER
Since I am a novice to ePO, let's keep this simple. I am an admin who is now in charge of managing ePO. My IT security team do not have access rights to it, but they requested me to make a change in ePO. See the embedded screenshot on the request.
From ePO console, how would I make this change? Please detail step-by-step.
Please see the link to "How to restore from a False Positive from the VirusScan Enterprise Quarantine using an ePO scheduled task", which also depicts the steps, at https://kc.mcafee.com/corporate/index?page=content&id=KB69918 (the previous post included this already). If it fails, see the other workarounds at https://kc.mcafee.com/corporate/index?page=content&id=KB78993
ASKER
I'm still very confused. In viewing my VSE Console on my computer, I see the option of actions to take when a threat is found (see screenshot). What does "Clean file automatically" do? Does it delete the threat? I do not see an option to quarantine the threat. This policy is applied from ePO. In ePO, I want to be able to change this setting to quarantine if there is an option for it. Where would I find this setting in ePO, as what is shown in the screenshot on my client computer?
This can be done from Access Protection Policies
Follow this link
http://virusscan.helpmax.net/en/part-i-prevention-avoiding-threats/protecting-your-system-access-points/configuring-access-protection-settings/configuring-user-defined-rules/epolicy-orchestrator-4-5-or-4-6/