Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6843
Views
0
Helpful
3
Replies

Quarantine Failed on AMP

Mady
Level 4
Level 4

‎06-15-2017 06:51 PM - edited ‎02-20-2020 09:04 PM

What are the possible reasons why AMP agent mark a malicious file as quarantine failed? We have instance that the agent pop-up and showed threat detected but based on the description it was quarantined failed.

Thanks!

7 people had this problem
Labels:
0 Helpful
3 Replies 3

David Janulik
Cisco Employee
Cisco Employee

‎06-16-2017 01:04 AM

Mady,

this is difficult to answer, when there is no diagnostic data. The one possible reason is file deleted in the meantime. I'd search for the SHA-256 in the sfc.exe.log.

David

Cyber security escalation engineer
0 Helpful

Jeff Lin
Level 1
Level 1
In response to David Janulik

‎06-20-2017 02:03 AM

My case is detect another AV(360se.exe), it will appear quarantined failed.

0 Helpful

Jetsy Mathew
Cisco Employee
Cisco Employee
In response to Jeff Lin

‎07-01-2017 09:39 AM

Hello Jeff,

We would be requiring the sha and a copy of this file along with the diagnostics to verify what has happened with this particular file.

Could you please open a TAC support case so that we can verify the same for you.

Regards

Jetsy 

0 Helpful
Customers Also Viewed These Support Documents