Hi Stefan,
Yes, there is a major compatibility issue: Quarantine Server cannot receive files convicted by reputation, only classic AV signature convictions. So you will have limited results and probably not meet your objective, because false positives are a bit more likely to occur with reputation convictions than with signatures.
I would recommend looking into other methods.
It can be time consuming dealing with false positives, especially those due to highly customized or internally developed applications. There are numerous ways to assign exceptions within SEP policies, depending on which SEP technology is reacting to the business-critical application incorrectly. Many exceptions can be added to one or more Exceptions policies directly from the Risk or SONAR logs. Also, you don't always have to submit a file; you can submit a filehash to the false positive submission portal, and the hash is usually provided in the SEP log. Much easier to collect!
Hope this is helpful.
Original Message:
Sent: 04-06-2020 10:49 AM
From: Stefan Karamihaylov
Subject: Central Quarantine server in SEP 14 environment
Hi John,
Is there any compatibility issue between the Quarantine server and SEP 14? For example if I get it and install it, is it going to work?
The main issue is that I need all quarantined risks to be sent to a centralized server because I don't have remote access to the client machines and it is a bit difficult to get and submit files for false positive.
Original Message:
Sent: 04-06-2020 10:28 AM
From: John Owens
Subject: Central Quarantine server in SEP 14 environment
Hi Stefan,
QS is no longer supported and should not be used. Please look into Advanced Threat Protection as an alternative.
------------------------------
John Owens
Principal Product Support
Symantec
United States
Original Message:
Sent: 04-06-2020 08:54 AM
From: Stefan Karamihaylov
Subject: Central Quarantine server in SEP 14 environment
Anyone from Symantec to provide some info here?
Original Message:
Sent: 04-03-2020 08:17 AM
From: Stefan Karamihaylov
Subject: Central Quarantine server in SEP 14 environment
According to the articles below Central Quarantine server is no more available with the SEP 14 installation but as per the screenshot, it can be installed from an old SEP 12 install source.
So is there someone who is using this in SEP 14 environment and is everything working fine? I am wondering why this is not available in SEP 14 anymore as it is good to have these quarantined files forwarded to a central server especially when you don't have remote access to the workstations.
https://knowledge.broadcom.com/external/article?legacyId=tech95663
https://knowledge.broadcom.com/external/article?legacyId=tech255506