Use case: Restore quarantined files or email items

When McAfee DLP Endpoint discovery finds sensitive content, it moves the affected files or email items into a quarantine folder, replacing them with placeholders that notify users that their files or emails have been quarantined. The quarantined files and email items are also encrypted to prevent unauthorized use.

Before you begin

To display the McAfee DLP icon in Microsoft Outlook, the Show Release from Quarantine Controls in Outlook option must be enabled in Policy Catalog > Client Policy > Operational Mode and Modules. When disabled, both the icon and the right-click option for viewing quarantined emails are blocked, and you cannot release emails from quarantine.

When you set a file system discovery rule to Quarantine and the crawler finds sensitive content, it moves the affected files into a quarantine folder, replacing them with placeholders that notify users that their files have been quarantined. The quarantined files are encrypted to prevent unauthorized use.

For quarantined email items, McAfee DLP Endpoint discovery attaches a prefix to the Outlook Subject to indicate to users that their emails have been quarantined. Both the email body and any attachments are quarantined.

Note: The mechanism has been changed from previous McAfee DLP Endpoint versions, which could encrypt either the body or attachments, to prevent signature corruption when working with the email signing system.
Microsoft Outlook calendar items and tasks can also be quarantined.

Task

  1. To restore quarantined files:
    1. In the system tray of the managed computer, click the McAfee Agent icon, and select Manage Features > DLP Endpoint Console.
      The DLP Endpoint Console opens.
    2. On the Tasks tab, select Open Quarantine Folder.
      The quarantine folder opens.
    3. Select the files to be restored. Right-click and select Release from Quarantine.
      Note: The Release from Quarantine context-sensitive menu item only appears when selecting files of type *.dlpenc (DLP encrypted).
      The Release Code pop-up window appears.
  2. To restore quarantined email items, select Release from Quarantine.
    1. In Microsoft Outlook, right-click the email or other item to be restored.
    2. Click the Release from Quarantine icon.
      The Release Code pop-up window appears.


  3. Copy the challenge ID code from the pop-up window and send it to the DLP administrator.
  4. The administrator generates a response code and sends it to the user. (This also creates an operational event recording all the details.)
  5. The user enters the release code in the Release Code pop-up window and clicks OK.
    The decrypted files are restored to their original location. If the release code lockout policy has been activated (in the Agent Configuration > Notification Service tab) and you enter the code incorrectly three times, the pop-up window times out for 30 minutes (default setting).
    Note: For files, if the path has been changed or deleted, the original path is restored. If a file with the same name exists in the location, the file is restored as xxx-copy.abc