Quarantine Specified Malware

For known cases of malware or ransomware, you can use Privilege Manager to prevent specified applications from running and place them in a quarantine. For this example we'll target the generic executable “malware.exe,” but you can do this with any file name.

  1. Navigate to Admin | Filters and click Create Filter.

  2. From the platform drop-down select the OS to target, for this example Windows.

  3. From the type drop-down select File Specification Filter.

  4. Add a Name and Description, click Create.

  5. On the filter page, under Settings: File Names type malware.exe.

  6. Click Save Changes.

  7. Under your Computer Group, select Application Policies.

  8. Using the Policy Wizard, create a controlling policy that blocks application execution on endpoints.

  9. Select how you want the processes blocked, either Block Silently or Notify and Block. For this example we use Block Silently. Click Next Step.

  10. Select what types you want the policy to block. For this example it's Executables.

  11. Choose your target, for this example Existing Filter.

  12. Search for and Add the malware.exe filter created in the above steps.

  13. Click Update.

  14. Click Next Step.

  15. Name your policy and add a description, click Create Policy.

  16. Under Actions, click Edit.

  17. Search for quarantine and Add the File Quarantine and Quarantine Message actions.

  18. Remove the Deny Execute and Deny Execute Message actions.

  19. Click Update.

  20. Click Save Changes.

  21. Set the Inactive switch to Active.

Once this policy has been applied to your endpoint(s), any executable called malware.exe will be automatically blocked and quarantined when something attempts to run it.