Kaspersky Anti Targeted Attack (KATA) Platform

Managing objects in Storage and quarantine

8 November 2023

ID 247431

Storage is used for storing files that must be sent for scanning as well as files obtained as a result of running tasks: Get file, Restore file from quarantine, Get forensics, Get NTFS metafiles, Get registry key, Get process memory dump.

Storage is located on the Central Node server.

You can manage objects in Storage as follows: delete, download, upload, and send objects to be scanned, and filter lists of objects.

Kaspersky Anti Targeted Attack Platform displays the objects in Storage as a table of objects.

If you are using the distributed solution and multitenancy mode, Storage is located on PCN and SCN servers. The web interface of the PCN server displays information about Storage of all connected SCNs for those tenants to which the user has access.

Users with the Senior security officer role can place copies of objects into Storage using tasks or by uploading the object to Storage using the Kaspersky Anti Targeted Attack Platform web interface on the PCN or SCN server that is used for managing tenants to which the user has access.

Users with the Security officer role can only work with files received as part of tasks that the same user created on the PCN or SCN server which is used to manage tenants to which the user has access.

If you consider a file threatening, you can quarantine it on the computer with the Endpoint Agent component. Metadata of the quarantined file are displayed in the Storage section, Quarantine subsection of the Kaspersky Anti Targeted Attack Platform web interface.

Quarantine on a Kaspersky Anti Targeted Attack Platform server is an area of Storage of the server part of the Kaspersky Anti Targeted Attack Platform solution that is used for storing metadata of objects quarantined on Endpoint Agent computers. This area is presented in the Storage section, Quarantine subsection of the web interface of Kaspersky Anti Targeted Attack Platform.

You can manage quarantined objects: restore objects from quarantine and upload copies of objects quarantined on Endpoint Agent computers to Storage of Kaspersky Anti Targeted Attack Platform.

Kaspersky Anti Targeted Attack Platform displays the information about quarantined objects as a table.

The maximum capacity of Storage is determined when configuring the sizing of the application. As soon as this threshold value is exceeded, the application starts to remove the oldest copies of objects from Storage. When the amount of occupied space is again below the threshold value, the application stops removing copies of objects from Storage.

The actual size of the object can be greater than the apparent size of the object due to the metadata required to restore the object from quarantine. When an object is quarantined, its actual size is considered. Encrypted files may be sent in decrypted form (depending on encryption settings); compressed files are sent as-is.

In this section

Viewing the table of objects that were placed in Storage

Viewing information about an object manually placed in Storage using the web interface

Viewing information about an object placed in Storage by a get file task

Viewing information about an object placed in Storage by a get data task

Downloading objects from Storage

Uploading objects to Storage

Sending objects in Storage for scanning

Deleting objects from Storage

Filtering objects in Storage by object type

Filtering objects in Storage by object description

Filtering objects in Storage based on scan results

Filtering objects in Storage based on the name of Central Node, PCN, or SCN server

Filtering objects in Storage by object source

Filtering objects based on the time they were placed in Storage

Clearing a Storage objects filter

Viewing the table of objects quarantined on computers with the Kaspersky Endpoint Agent component

Viewing information about a quarantined object

Restoring an object from quarantine

Obtaining a copy of a quarantined object on a Kaspersky Anti Targeted Attack Platform server

Removing information about the quarantined object from the table

Filtering information about quarantined objects by object type

Filtering information about quarantined objects by object description

Filtering information about quarantined objects by host name

Filtering information about quarantined objects by time

Resetting the filter for information about quarantined objects
