From 439fcb30e28b0fed183b9fce1b9a8c892c49906b Mon Sep 17 00:00:00 2001 From: Roberto Seldner Date: Mon, 14 Oct 2024 07:50:46 -0700 Subject: [PATCH 1/3] Update configure-integration-policy.asciidoc - Noted we quarantine blocklisted files Explicitly noted block listed files are quarantined --- docs/getting-started/configure-integration-policy.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index d0cb0a5bd9..f9f325631a 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc +++ b/docs/getting-started/configure-integration-policy.asciidoc @@ -84,7 +84,7 @@ image::images/install-endpoint/malware-protection.png[Detail of malware protecti [[manage-quarantined-files]] === Manage quarantined files -When *Prevent* is enabled for malware protection, {elastic-defend} will quarantine any malicious file it finds. Specifically {elastic-defend} will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`. +When *Prevent* is enabled for malware protection, {elastic-defend} will quarantine any malicious file it finds (this includes files defined the <>). Specifically {elastic-defend} will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`. The quarantine folder location varies by operating system: From 7cd984d36a0411bff60c5e385241e38c8175c419 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Wed, 16 Oct 2024 10:05:37 -0400 Subject: [PATCH 2/3] Fix typo --- docs/getting-started/configure-integration-policy.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index f9f325631a..7f6d55d08a 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc +++ b/docs/getting-started/configure-integration-policy.asciidoc @@ -84,7 +84,7 @@ image::images/install-endpoint/malware-protection.png[Detail of malware protecti [[manage-quarantined-files]] === Manage quarantined files -When *Prevent* is enabled for malware protection, {elastic-defend} will quarantine any malicious file it finds (this includes files defined the <>). Specifically {elastic-defend} will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`. +When *Prevent* is enabled for malware protection, {elastic-defend} will quarantine any malicious file it finds (this includes files defined in the <>). Specifically {elastic-defend} will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`. The quarantine folder location varies by operating system: From edd443ff92f0b1131f1cf5e21e91b540967d679f Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Wed, 16 Oct 2024 10:10:53 -0400 Subject: [PATCH 3/3] Apply change to serverless docs --- .../configure-endpoint-integration-policy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx b/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx index bcab7e77be..473fd97fe1 100644 --- a/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx +++ b/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx 
@@ -103,7 +103,7 @@ Endpoint Protection Complete customers can customize these notifications using t ### Manage quarantined files -When **Prevent** is enabled for malware protection, ((elastic-defend)) will quarantine any malicious file it finds. Specifically ((elastic-defend)) will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`. +When **Prevent** is enabled for malware protection, ((elastic-defend)) will quarantine any malicious file it finds (this includes files defined in the blocklist). Specifically ((elastic-defend)) will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`. The quarantine folder location varies by operating system:
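Review bot: In PATCH 1/3, the added line in docs/getting-started/configure-integration-policy.asciidoc reads "(this includes files defined the <>)", which is missing the preposition "in". PATCH 2/3 corrects it, so consider squashing 2/3 into 1/3 so that no commit in the series leaves the page with the typo.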
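Review bot: In PATCH 2/3, the corrected line still shows the cross-reference as an empty "<>" after "defined in the", so as it appears here the sentence names no target. Please confirm that the AsciiDoc source carries an anchor id and link text inside the angle brackets and that the id resolves in a docs build. Otherwise the parenthetical will render as "defined in the" followed by nothing.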
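Review bot: In PATCH 3/3, the added line in docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx uses the plain word "blocklist" with no link, while the AsciiDoc version of the same sentence uses a cross-reference at that position. Suggest linking "blocklist" to the serverless blocklist page so both doc sets send the reader to the definition. A smaller style point on the same line, in both files: "Specifically" reads better with a comma after it.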