Quarantine Management

Manage potentially malicious files detected by CyberOrigen's threat scanning.

Overview

CyberOrigen automatically scans all uploaded files for malware and threats. Suspicious files are quarantined for review before being released or deleted.

Navigate to Security → Quarantine in the sidebar.

Threat Detection

Automatic Scanning

All file uploads are scanned:

Evidence uploads
Vendor documents
Policy attachments
Imported files

Detection Methods

All uploaded assets are scanned using enterprise-grade threat detection:

Method	Description
Signature Analysis	Detection of known malware patterns
Multi-Engine Scanning	Cross-referenced threat analysis
AI Analysis	Behavioral pattern detection

Threat Levels

Level	Description	Action
Clean	No threats detected	File available immediately
Suspicious	Potential risk detected	Quarantined for review
Malicious	Confirmed threat	Quarantined, deletion recommended

Quarantine Dashboard

Statistics

View threat detection metrics:

Quarantine Statistics

Quarantined Files:    12
Threats Detected:      8
False Positives:       3
Escalations:          1

File List

View quarantined files with:

Column	Description
Filename	Original file name
Source	Where file was uploaded (evidence, vendor, policy)
Threat Level	Suspicious or Malicious
Detected	When threat was found
Status	Quarantined, Released, Deleted, Expired

Filters

Filter quarantined files by:

Status (Quarantined, Released, Deleted, Expired)
Threat level
Source type
Date range

Managing Quarantined Files

View File Details

Click any quarantined file to see:

Full file metadata
Threat analysis results
Multi-engine scan report
AI recommendation
Upload context

Release a File

If you determine the file is safe:

Click Release
Confirm you've reviewed the threat analysis
File becomes available in its original location

WARNING

Only release files you're confident are safe. Releasing malware can compromise your organization.

Delete a File

Remove a confirmed threat:

Click Delete
Confirm deletion
File is permanently removed

AI Recommendation

CyberOrigen's AI provides a recommendation:

AI Recommendation: DELETE

Analysis:
This file matches known malware signatures and exhibits
suspicious behaviors including:
- Obfuscated code execution
- Network callback attempts
- File system modification patterns

Confidence: 94%

File Status Lifecycle

Uploaded → Scanned → Clean (available)
                  ↓
              Threat Detected → Quarantined
                                    ↓
                          ┌─────────┼─────────┐
                          ↓         ↓         ↓
                      Released   Deleted   Expired

Status Types

Status	Description
Quarantined	File isolated, awaiting review
Released	Manually approved as safe
Deleted	Permanently removed
Expired	Auto-deleted after retention period

Notifications

Alert Configuration

Configure quarantine alerts in Settings → Notifications:

Email when new file quarantined
Slack notification for malicious files
Daily digest of quarantine activity

Alert Example

[CyberOrigen] Malicious File Detected

File: invoice_2026.pdf.exe
Source: Vendor Documents (Acme Corp)
Threat: Trojan.GenericKD.47891234
Detection: Multi-engine scan (32/72 engines)

Action Required: Review and delete

→ View in Quarantine

Automatic Retention

Expiration Policy

Quarantined files are automatically deleted based on retention settings:

Tier	Retention Period
Startup	30 days
Professional	90 days
Enterprise	Custom

Before Expiration

System sends reminders:

7 days before expiration
1 day before expiration

Multi-Engine Scanning

Scan Results

View detailed threat analysis:

Threat Analysis Report

Engines: 72 scanned
Detections: 32 positive

Top Detections:
- Multiple antivirus engines flagged this file
- Consistent threat classification across vendors

Risk Score: High
First Seen: 2025-12-15

Hash Lookup

Each file is checked against known threat databases:

MD5
SHA-1
SHA-256

Platform Admin View

Platform Admin Only

Cross-organization quarantine view requires Platform Admin role.

Platform administrators can:

View quarantine across all organizations
Track threat trends
Export threat intelligence
Configure global policies

API Access

bash

# List quarantined files
GET /api/v1/quarantine?status=quarantined

# Get file details
GET /api/v1/quarantine/{file_id}

# Release file
POST /api/v1/quarantine/{file_id}/release
{
  "reason": "False positive - verified safe"
}

# Delete file
DELETE /api/v1/quarantine/{file_id}
{
  "reason": "Confirmed malware"
}

See API Reference for full documentation.

Best Practices

Review Promptly: Don't let files sit in quarantine
Trust the AI: AI recommendations are highly accurate
Verify Detections: Multiple engine detections confirm threats
Document Decisions: Add reasons when releasing or deleting
Train Users: Educate on safe file handling
Monitor Trends: Track where threats originate

Quarantine Management ​

Overview ​

Threat Detection ​

Automatic Scanning ​

Detection Methods ​

Threat Levels ​

Quarantine Dashboard ​

Statistics ​

File List ​

Filters ​

Managing Quarantined Files ​

View File Details ​

Release a File ​

Delete a File ​

AI Recommendation ​

File Status Lifecycle ​

Status Types ​

Notifications ​

Alert Configuration ​

Alert Example ​

Automatic Retention ​

Expiration Policy ​

Before Expiration ​

Multi-Engine Scanning ​

Scan Results ​

Hash Lookup ​

Platform Admin View ​

API Access ​

Best Practices ​