Overview
You can take action on the snapshots containing malicious files by quarantining and isolating them to prevent further damage.
There are 2 ways of quarantining snapshots:
Auto quarantine Snapshots: Enable this option while creating a Threat Hunt job to automatically quarantine all snapshots containing malicious files within the specified date range.
Manually quarantine snapshots: Choose this option if you want to selectively quarantine snapshots for specific date ranges.
How to quarantine snapshots manually?
Once the Threat Hunt job is complete, you can view the details of the resources (Virtual Machines) and their snapshots from the Threat Hunting dashboard page.
To manually quarantine snapshots,
On the Threat Hunt dashboard page, click on the Threat Hunt Name > Scan Results.
From the Resources section, select the resource (Virtual Machine) that you want to quarantine.
Click Quarantine.
On the Manage Quarantine Range page, select the appropriate option as per your need:
All Snapshots: To quarantine existing and future snapshots
Snapshots within date range: To quarantine snapshots between different date ranges. Provide a start and end date to define the quarantine range.
Click Save.
The snapshots will be quarantined based on the selected quarantine options. You can view the quarantined snapshots from the Quarantine Bay listing page.
To learn more about manually quarantining virtual machines, see Quarantine for Virtual Machines (VMware).