cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1967
Views
0
Helpful
1
Replies

Does Cisco AMP renames files when moving files to Quarantine folder

There was an instance where Cisco AMP was detecting an infected file and while quarantine and moving to "Quarantine" folder it was renaming to .DAT files.

 

Do Cisco AMP rename threat detected files while moving to Quarantine?

1 Reply 1

Matthew Franks
Cisco Employee
Cisco Employee

AMP does not rename a source file when moving it to quarantine.  It does rename the file placed into the quarantine folder with the .qrt extension.  When a file is restored, the original name is restored.  The only way I could potentially see this occurring is if the same file (matching hash) were quarantined on multiple machines in your environment under different names.  If you believe this occurred and want to investigate further, please open a TAC case.

 

Thanks,

Matt

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: