Quarantine not working

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Quarantine not working

L2 Linker

Hi Team

We have enabled quarantine for wildfire and local analysis malware verdict. When initiating malware scan from cortex xdr cloud t, the malware's are getting detected and but those are not getting quarantined.Can anyone advice is this how it works?


Accepted Solutions

Next thing I would check is the agent logs after a quarantine attempt.  




You can use this test PE to trigger a quarantine event.  After the event is complete, open the log file, scroll to the bottom and look for any messages associated with the quarantine attempt.

David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

View solution in original post


L4 Transporter

Can you post a screenshot of the Portable Executable and DLL Examination portion of your malware profile?



David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 


Hi @Marsooq_A-

Just to confirm.  When you go to Endpoint Management > Endpoint Administration, select an endpoint that is failing, right-click and select View Endpoint Policy -- can you see the profile with quarantine enabled applied to the specific machine?





David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Yes , I could see the same profile in the policy and this has been confirmed several times.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!