Hello everybody, every day when I access my Cisco AMP tool I find some cases where the file that is alerting has already been put in quarantine before.
I imagine that I must be doing something wrong in my exclusion list or some similar mistake.
Can someone help me with this problem?
Most likely what is happening is that Secure Endpoint attempts to quarantine a file but the parent process (Chrome, for example, if it is being downloaded from a browser) still has a handle on it. This would trigger a Quarantine Failure event since we are not able to quarantine the file at that time. Then, as soon as the handle is available, we are able to quarantine the file successfully, so you will also have a corresponding Quarantine Success event.
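The pairing described in the answer above can be checked mechanically during triage. The following is an added example, not part of the original thread and not Cisco code: it pairs each Quarantine Failure with a later Quarantine Success for the same host and file, and returns only the failures that were never followed by one. The field names, sample events, placeholder hashes and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names are hypothetical, not the product's
# export schema; the sha256 values are placeholders, not real hashes.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:01", "host": "pc-01", "sha256": "aaa111", "event": "Quarantine Failure"},
    {"time": "2024-01-10T09:00:04", "host": "pc-01", "sha256": "aaa111", "event": "Quarantine Success"},
    {"time": "2024-01-10T10:15:00", "host": "pc-02", "sha256": "bbb222", "event": "Quarantine Failure"},
    {"time": "2024-01-10T11:30:00", "host": "pc-03", "sha256": "ccc333", "event": "Quarantine Failure"},
    {"time": "2024-01-10T13:30:00", "host": "pc-03", "sha256": "ccc333", "event": "Quarantine Success"},
    # A success that happened BEFORE the pc-02 failure must not count as its resolution.
    {"time": "2024-01-10T08:00:00", "host": "pc-02", "sha256": "bbb222", "event": "Quarantine Success"},
]


def unresolved_failures(events, window=timedelta(minutes=10)):
    """Return Quarantine Failure events that have no Quarantine Success for the
    same (host, file) at or after the failure and within `window` (assumed threshold)."""
    successes = {}
    for e in events:
        if e["event"] == "Quarantine Success":
            key = (e["host"], e["sha256"])
            successes.setdefault(key, []).append(datetime.fromisoformat(e["time"]))

    still_open = []
    for e in events:
        if e["event"] != "Quarantine Failure":
            continue
        failed_at = datetime.fromisoformat(e["time"])
        candidates = successes.get((e["host"], e["sha256"]), [])
        # Only a success at or after the failure, inside the window, resolves it.
        if not any(failed_at <= s <= failed_at + window for s in candidates):
            still_open.append(e)
    return still_open


if __name__ == "__main__":
    for e in unresolved_failures(SAMPLE_EVENTS):
        print(f'{e["time"]} {e["host"]} {e["sha256"]}: failure with no follow-up success')
```

Failures that remain in the output are the ones worth investigating on the endpoint; those followed within seconds by a success match the file-handle behavior the answer describes.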