How to Unquarantine a File

If your EDR Policy is set to Protect, Agents automatically block and quarantine detected threats. The quarantine action encrypts the file, changes its properties (including filename), and moves it to a confined path. If the file is not harmful, you can undo the mitigation. You can also use these steps to undo a quarantine that you ran manually.

You can unquarantine a file if it was quarantined successfully. You can see the status of each mitigation action and get a mitigation report to see all details of the action.

We recommend that you create exclusions for legitimate files, to make sure they are not be blocked and quarantined again.

Note: If the Agent is upgraded, you cannot unquarantine the files that it quarantined before the upgrade.

To unquarantine a quarantined item:

  1. In the RMM left Nav Bar, Select IntegrationsEDR > Analyze
  2. To unquarantine from the Threatstable - Select one or more Mitigated threats and click Threat Actions > Unquarantine

  3. To unquarantine from the Incident details - Click a threat to open it and click Actions > Unquarantine