McAfee GetQuarantine tool collects quaraintined files and corresponding metadata and uploads them to McAfee Workflow backend for further analysis. The tool uses HTTPs protocol to upload the .zip file. This tool will expire on April 30, 2020.
The tool can be deployed via McAfee ePolicy Orchestrator (McAfee ePO). For McAfee ePO deployment, the customer creates a typical product deployment task, passes on command-line parameters, and schedules a task to run at a regular cadence. On each task run, the tool gets downloaded from the McAfee ePO server and uploads quarantine objects. If the quarantine folder is empty or if the item is already uploaded in previous runs, the tool skips upload and exits.
|Mandatory||Customer email address, used for communicating submission outcomes. Example: --email=<email address>|
Quarantine folder location. Default is c:\QuarantineExample: --Quarantine-folder=<quarantine folder path>
|--Proxy-server||Optional||Network proxy server IP or FQDN. Example: --Proxy-server=<Proxy server IP/FQDN>|
|--Proxy-port||Optional||Network proxy server port. Example: --Proxy-port=<port number>|
|--Config-script||Optional||Proxy auto configuration file URL (if any). User can either use proxy server and IP combination or PAC file. Example: --Config-script=<PAC file URL>|
Upon successful submission, the customer will receive an acknowledgement to the email address supplied during tool execution.
The tool stores logs at location c:\ProgramData\McAfee\GetQuarantine\log.txt.