
Does Cisco AMP rename files when moving files to the Quarantine folder?

There was an instance where Cisco AMP detected an infected file and, while quarantining it and moving it to the "Quarantine" folder, it was renaming it to .DAT files.

 

Does Cisco AMP rename threat-detected files while moving them to Quarantine?

1 REPLY
Matthew Franks
Cisco Employee

AMP does not rename a source file when moving it to quarantine.  It does rename the file placed into the quarantine folder with the .qrt extension.  When a file is restored, the original name is restored.  The only way I could potentially see this occurring is if the same file (matching hash) were quarantined on multiple machines in your environment under different names.  If you believe this occurred and want to investigate further, please open a TAC case.

 

Thanks,

Matt
