Quarantine in the cybersecurity world happens when files containing malware are placed into isolation for future disinfection or examination. This strategy puts the malware in a specific area of the storage device in order to prevent it from contaminating other files or systems. The quarantine process starts when anti-virus or anti-malware solutions detect a threat but can’t eliminate it immediately.
Most solutions should be configured to not delete malware suspected files immediately in case the threat reported is a false-positive.
CyberHoot remembers the day when an AV product was set to delete malware files upon discovery. An AV vendor signature update tagged a critical system file as malware and this led to blue screens of death throughout the server infrastructure and a terribly long day for IT. Always quarantine and manually delete malware files. AV Vendors are not perfect and you will save yourself a nightmare scenario of rebuilding systems from scratch.
Files marked for quarantine are encrypted and moved to a protected folder, preventing potential harm to the user’s system. Each solution has a ‘Quarantine Manager’ feature, where users can permanently delete or restore files from quarantine. Upon review of the archived files, an exception list (white/allow list) option is commonly given to bypass false positive detection.
What does this mean for an SMB?
Anti-virus and anti-malware software is a minimum essential solution for all businesses. It must be in place to scan for various threats on your computing systems. Popular brands CyberHoot can recommend include Sophos, McAfee, and Webroot. While these solutions are important, your company needs to take additional proactive measures to reduce the chances of becoming a victim of a cyberattack. CyberHoot recommends the following best practices to prepare for, limit damages, and in some cases avoid cyberattacks entirely. These are listed in order of importance:
- Adopt two-factor authentication on all critical Internet-accessible services
- Train employees to spot and avoid email-based phishing attacks
- Require 14+ character Passwords in your Governance Policies
- Adopt a password manager for better personal/work password hygiene
- Follow a 3-2-1 backup method for all critical and sensitive data
- Check that employees can spot and avoid phishing emails by testing them
- Perform a risk assessment every two to three years
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Ensure you are compliant with all legislative controls and obligations.
- Secure cybersecurity insurance for your business.
Start building your robust, defense-in-depth cybersecurity plan today with CyberHoot.
CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:
- Cybrary (Cyber Library)
- Press Releases
- Instructional Videos (HowTo) – very helpful for our SuperUsers!
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.