The Quarantine Files button can be found under "File Actions" on your Search Details Summary page in the upper right corner.

CAUTION: The quarantine command is a destructive process. Files on endpoints will be collected to a centralized location and then replaced with a stub (placeholder) file. The original file path will contain the stub file and the original is moved off the endpoint. Proceed with extreme caution when attempting to perform mass quarantining of files.

To quarantine files:

Once a search is complete, select the files you wish to quarantine using the line item (checkbox) selection and then click "Quarantine Files" on the Search Details Window.
Add a Group Name and then select "Quarantine" in the file pop-up message. Select cancel if you do not wish to continue.
As a fail-safe step, please type the word "quarantine" in the second box and click "Proceed". The enter key will not allow you to proceed.

A stub file will be created and placed at the original file path. The file name will be "original file name.txt"

Action Card showing a finished quarantine

A quarantine action card will be created display a status of "queued" as endpoints begin checking in and picking up their quarantine request. The status will move to "quarantine" once files begin to be quarantined on each endpoint. File-level status can ve viewed at the far right of the action card grid. If you would like to view the files that are queued for quarantine, you may sort on the column by clicking on the column header.

Maximum File Size

Files larger than 100MB must be quarantined outside of Interrogate

Quarantine Containers

Interrogate can not quarantine files inside of containers (PST, OST, ZIP)

Deleted File Flag

Files identified as deleted will not be quarantined as they no longer exist on the endpoint.

Example of stub file text automatically created by Interrogate

Browser not supported