When a policy flags a file to be quarantined, that file is placed in a quarantine folder and a tombstone file is put in the original location in its place. To access the Quarantine page, go to Incidents > Quarantine. The Quarantine page is categorized into the classic or next gen platform. In classic, the applications integrations are built on the 1st gen API Data Protection platform. In next gen, the application integrations are built on the latest Next Gen API Data Protection platform. Classic applications will gradually be migrated to next gen.

Only DLP-flagged quarantine files are displayed in the Incident > Quarantine page. If you intend to view malware-related quarantine files, navigate to Incident > Malware and Skope IT > Alerts pages.

Files in quarantine are referenced on this page, which shows this information about the file:

  • Date

  • File name

  • Original file name

  • Policy name

  • Violation

  • File owner

  • Detection method

You can customize the information shown by clicking the filter icon and selecting specific types of information, like the DLP profile, detection method, and date range.

To update the page with the most current information, click the Refresh icon next to the page title.


You can take actions on each of the quarantined files. Select the checkbox beside a quarantined file, and on the bottom-right, click:

  • Contact Owners: You can contact the owner of the quarantined file.

  • Download Files: You can download the tombstone file.

  • Take Action: You can either restore or block the tombstone file.

Share this Doc


Or copy link

In this topic ...