How to Use GetQuarantine BETA

McAfee GetQuarantine tool collects quaraintined files and corresponding metadata and uploads them to McAfee Workflow backend for further analysis. The tool uses HTTPs protocol to upload the zip file. This tool will expire on February 28, 2019.

Download GetQuarantine BETA ePO

Usage

The tool can be deployed via McAfee ePolicy Orchestrator (McAfee ePO). For McAfee ePO deployment, the customer creates a typical product deployment task, passes on command-line parameters, and schedules a task to run at a regular cadence. On each task run, the tool gets downloaded from the McAfee ePO server and uploads quarantine objects. If the quarantine folder is empty or if the item is already uploaded in previous runs, the tool skips upload and exits.

Tool Options

Name Type Description
--Email Mandatory Customer email address, used for communicating submission outcomes. Example: --email=<email address>
--Quarantine-folder Optional

Quarantine folder location. Default is c:\Quarantine

Example: --Quarantine-folder=<quarantine folder path>
--Proxy-server Optional Network proxy server IP or FQDN. Example: --Proxy-server=<Proxy server IP/FQDN>
--Proxy-port Optional Network proxy server port. Example: --Proxy-port=<port number>
--Config-script Optional Proxy auto configuration file URL (if any). User can either use proxy server and IP combination or PAC file. Example: --Config-script=<PAC file URL>

Upon successful submission, the customer will receive an acknowledgement to the email address supplied during tool execution.

The tool stores logs at location c:\ProgramData\McAfee\GetQuarantine\log.txt.