See also : How Restore Files from Quarantine
The Auto Quarantine feature in cPFence allows detected malware to be automatically isolated by moving infected files to a quarantine directory. This helps secure your system by preventing potential threats from spreading or being executed. Follow the instructions below to enable or disable this feature.
Enabling Auto Quarantine
By default, Auto Quarantine is disabled. To automatically quarantine detected threats, follow these steps:
- Run an Initial Scan (Optional but Recommended)
Before enabling Auto Quarantine, it is recommended to perform a full scan without quarantine to review and whitelist safe files.
Use the following command to run the scan:
cpfence --full-scanReview the scan results and whitelist any legitimate files that might have been flagged.
- Enable Auto Quarantine
To enable Auto Quarantine and automatically move infected files to the quarantine directory (/opt/cpfence/quarantined/), use the following command:
cpfence --enable-quarantineOnce enabled, any future detections will be automatically quarantined.
Disabling Auto Quarantine
If you prefer to manually review scan results and take action, you can disable Auto Quarantine at any time:
- Disable Auto Quarantine
To disable Auto Quarantine and stop automatic isolation of detected threats, use the following command:
cpfence --disable-quarantineWhen Auto Quarantine is disabled, you will need to manually review the scan results and decide whether to quarantine, delete, or ignore the detected files. See also How to restore files from quarantine.
Quarantine Location
When Auto Quarantine is enabled, all infected files will be moved to the following directory:
/opt/cpfence/quarantined/You can review the quarantined files here and take further action if necessary.
Summary of Commands
- Enable Auto Quarantine:
cpfence --enable-quarantine- Disable Auto Quarantine:
cpfence --disable-quarantine- Run Full Scan Without Quarantine:
cpfence --full-scanBy using Auto Quarantine, you ensure that any detected threats are automatically contained, improving the overall security of your system. However, if you prefer to manually review each scan result, simply disable the feature and monitor the system as needed.
