If a malicious event occurs, the Quarantine Asset feature restricts the infected host machine from performing any network communication. You can quarantine an asset if its agent version is 4.9.0 and above. You can quarantine an asset from the Incidents tab or the Assets tab.
Note: This feature is available only for Windows assets.
Quarantine an Asset from Incidents tab
Quarantine an Asset from Assets tab
Quarantine Asset Configuration from the Configuration tab
Release an Asset from Assets tab
Release an Asset from Incidents tab
To quarantine an asset based on the incident description, perform the following steps:
1. Click the incident description of the asset that you want to quarantine.
2. In the Summary section, click Quarantine Asset.
3. In the Quarantine Asset window, add your comments. Optionally, you can toggle Allowed Applications and add the path of each application that should remain accessible while the asset is quarantined. If this toggle is enabled, the applications listed in the Quarantine Asset Configuration also apply in Allowed Applications.
To add an application, enter a valid application path in the space provided and click Add.
To remove an application, click the delete icon against the application path.
4. Click Execute Response.
A notification "Quarantine Asset request sent successfully. View Request Status" is generated.
Click View Request Status to follow the asset quarantine status.
Once the asset is successfully quarantined, the following status is displayed:
To quarantine an asset from the Assets tab, perform the following steps:
1. In the Assets tab, select the asset that you want to quarantine. The agent version should be 4.9.0 and above.
2. From the Quick Actions menu, click Quarantine Asset.
3. In the Quarantine Asset window, add your comments. Optionally, you can toggle Allowed Applications and add the path of each application that should remain accessible while the asset is quarantined. If this toggle is enabled, the applications listed in the Quarantine Asset also apply in Allowed Applications.
To add an application, enter a valid application path in the space provided and click Add.
To remove an application, click the delete icon against the application path.
4. Click Execute Response.
A notification "Quarantine Asset request sent successfully. View Request Status" is generated.
5. Click View Request Status to follow the asset quarantine status.
A quarantined asset will have the icon displayed.
The icon signifies the asset is in progress state.
From the Configuration tab, you can whitelist the applications that will be allowed while the asset is quarantined.
Perform the following steps to whitelist applications for the quarantined asset:
1. In the Configuration tab, select Quarantine Asset.
2. Toggle Allowed Applications.
3. In the Add Applications field, provide the complete path of the application. You can use environment variables in the field. Wildcard inputs are not supported.
4. Click Apply.
Note: To allow Qualys Endpoint Protection, add the following paths:
- C:\Program Files\Qualys\QualysEPP\EPUpdateService.exe
- C:\Program Files\Qualys\QualysEPP\downloader.exe
- C:\Program Files\Qualys\QualysEPP\EPSecurityService.exe
- C:\Program Files\Qualys\QualysEPP\ephost.integrity.legacy.exe
- C:\Program Files\Qualys\QualysEPP\EPConsole.exe
- C:\Program Files\Qualys\QualysEPP\EPIntegrationService.exe
- C:\Program Files\Qualys\QualysEPP\EPProtectedService.exe
- C:\Program Files\Qualys\QualysEPP\bdredline.exe
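A pre-flight check for entries before they are entered in the Add Applications field, shown as an added example that is not Qualys code. It applies the rules from step 3 (complete path, environment variables allowed, no wildcards); the `%NAME%` variable syntax, the function names and the sample environment are assumptions.

```python
import ntpath
import re

# Constructed environment for the demo; on a real host pass dict(os.environ).
SAMPLE_ENV = {"ProgramFiles": r"C:\Program Files", "SystemRoot": r"C:\Windows"}
_VAR = re.compile(r"%([^%\\]+)%")  # assumed %NAME% syntax for variables


def expand_vars(path, env):
    """Expand %NAME% case-insensitively; return (expanded, unknown_names)."""
    lookup = {k.upper(): v for k, v in env.items()}
    unknown = []

    def repl(match):
        name = match.group(1)
        if name.upper() not in lookup:
            unknown.append(name)
            return match.group(0)
        return lookup[name.upper()]

    return _VAR.sub(repl, path), unknown


def check_entry(path, env=SAMPLE_ENV):
    """Return the list of problems with one entry; empty means it fits the rules."""
    entry = path.strip()
    if not entry:
        return ["empty entry"]
    problems = []
    if "*" in entry or "?" in entry:
        problems.append("wildcard input is not supported")
    expanded, unknown = expand_vars(entry, env)
    if unknown:
        problems.append("unknown environment variable: " + ", ".join(unknown))
    else:
        drive, rest = ntpath.splitdrive(expanded)
        if not drive or not rest.startswith(("\\", "/")):
            problems.append("not a complete path (drive and root required)")
    if not ntpath.basename(expanded):
        problems.append("path names a folder, not an application file")
    return problems


if __name__ == "__main__":
    for candidate in (
        r"C:\Program Files\Qualys\QualysEPP\EPConsole.exe",  # from the note above
        r"%ProgramFiles%\Qualys\QualysEPP\downloader.exe",   # constructed variant
        r"C:\Program Files\Qualys\QualysEPP\*.exe",          # constructed: wildcard
        r"QualysEPP\EPSecurityService.exe",                  # constructed: relative
    ):
        print(candidate, "->", check_entry(candidate) or "ok")
```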
To release a quarantined asset from the Assets tab, perform the following steps:
1. In the Assets tab, select the quarantined asset. From the Quick Actions menu, select Release Asset.
2. In the Release Asset window, add your comments.
3. Click Execute Response.
A notification "Release Asset request sent successfully. View Request Status" is generated.
4. Click View Request Status to follow the release asset status.
To release a quarantined asset from the Incidents tab, perform the following steps:
1. In the Incidents tab, select the required incident description of a quarantined asset.
2. In the Summary tab, click Release Asset.
3. In the Release Asset window, add your comments.
4. Click Execute Response.
A notification "Release Asset request sent successfully. View Request Status" is generated.
5. Click View Request Status to follow the release asset status.