How to Release a Quarantined Software
Written by Omer Kushmirski
Updated over a year ago

Introduction: The Risks Posed by Untrusted Software

Untrusted software introduces a variety of potential risks, including vulnerabilities and viruses, which can pose a significant threat to both individual endpoints and the overall security of a company.

To address this concern, the CYFOX Agent deploys an additional layer of protection during software evaluation. It goes beyond just identifying malicious files; it also checks for official certificates that indicate the software's legitimacy and the trustworthiness of the provider.

However, it's essential to acknowledge a limitation of this approach. Not all software in use today, particularly lesser-known applications, comes with certificates from trusted providers. As a result, the agent may quarantine some software that the user did not intend or want to be quarantined.

Although the ideal approach is always to work with official and trusted software, we recognize that there may be specific use cases where alternative options are necessary. Consequently, the Agent offers a supported method for releasing software from quarantine and adding it to the whitelist, even in the absence of a certificate.

The following guide will provide detailed instructions on addressing this situation and offer a method for releasing these programs and adding them to a whitelist.

Note: To release quarantined software, you must have access to the Server UI/Cloud single-tenant view with admin-level permissions. You can also contact our SOC team at [email protected] or call +1 646 666 0686 for further assistance.

Full guide: How to release a software

Step 1: Open and log into the server (for on-prem server users) or access your single-tenant view (for cloud users).

Note: If you are operating in a hybrid mode, it is recommended to open the server itself for a quicker response.

Step 2: Once you are logged in, navigate to the 'Forensics' page, and then select the 'Agent Mitigations' page.

Step 3: Scroll down to the 'Quarantine' section. Here, you will find a list of quarantined files, events, and software. Note that you can filter the time range using the options at the top.

Step 4: Click on the pencil icon and select 'Release.'

Once you've completed this step, you're all set, and the software will be released from quarantine, allowing it to operate as intended.
