Items in Quarantine
The Quarantined Files page will be deprecated soon in an upcoming release. All functions to search for and manage your Quarantined Incidents are available on the Incidents > Policy Incidents page using the Items in Quarantine Saved View.
To find and manage Quarantined Incidents, use the following features:
- Search. In the Omnibar, you can search by Quarantine Incident Response.
- Filters. Select options on the Filters tab to scope down your search.
- Views.
- Items In Quarantine. This Saved View displays all items with a quarantine status.
- Date Picker. To see all Quarantine incidents, select All Available Data.
- Actions. Click Actions to:
- Change Owner
- Change Status
- Delete Incidents. Select the checkbox(es) for incidents you want to delete. Then click Delete in the confirmation dialog. This action cannot be undone. Large requests may take a few moments to process.
- Download CSV. Click to export violations as a CSV file. The download begins immediately.
NOTE: The columns in the CSV file reflect the columns in the table as displayed, but additional columns are included at the end by default. If the default columns match those displayed, those columns come first in the CSV file, followed by the remaining default columns. - Select Response
- Create Report
- Business Report (PDF). Create a PDF report and run it immediately, which then appears in the Report Manager.
- CSV. Create a CSV report and run it immediately, which then appears in the Report Manager.
- XLS. Create an XLS report and run it immediately, which then appears in the Report Manager.
- Schedule. Schedule a report to run at a later time, which then appears in the Report Manager.
- Settings
- Edit Table Columns. Click Actions > Edit Table Columns to add the Quarantine Status table column.
NOTE: Previously, when a quarantine action failed, the Incident Response was reported as Allowed. Now when there is a quarantine failure, the Incident Response is reported correctly as Quarantine Failed.
For more information on default table columns, and other available columns, see Policy Incidents Page.
Policy Incident Cloud Card
Click a row to display the Policy Incidents Cloud Card, which includes the Quarantine Status of the selected incident.
You can also:
- Owner. Assign an owner.
- Incident Response. Assign an Incident Response.
- Incident Status. Assign an Incident Status.
- Download a Quarantined File. In the Cloud Card, under Content, click the link to the file to download the quarantined file.
Quarantine Statuses
To add the Quarantine Status column to the Policy Incidents table, click Actions > Edit Table Columns, and select Quarantine Status.
Available Quarantine Statuses include:
- New. File has been quarantined and requires review.
- Pending. File has been put in the queue to be restored or deleted.
- Deleted. File has been permanently removed from the cloud service provider.
- Restored. File has been restored to its original location, the tombstone has been removed, and an email was sent to the user.
- Auto Restored. File has been restored automatically based on Auto Restore settings and an email was sent to the user.
- Processing. The quarantine is still in process.
- Failed. Restore or delete operation failed due to a service disruption, connectivity issues, etc.
- Quarantine Unsuccessful. Skyhigh CASB could not quarantine a file even after multiple attempts. This could be caused by:
- A user is editing the document, so the file is locked and cannot be quarantined by Skyhigh Security.
- Data retention is enabled in Microsoft Office 365, and that is preventing Skyhigh Security from quarantining or deleting the data.