Nebula provides comprehensive protection for your devices against cyber threats. It uses advanced scanning and real-time protection technologies to identify and prevent malicious activities. Whenever a threat is detected, it is isolated and encrypted, then stored in a secure location on the device. This process quarantines all files and activities related to the threat, including registry entries, shortcuts, and browser modifications.
Manage quarantined threats
To investigate and manage the blocked threats on your endpoints, review the information available on the Monitor > Detection Center > Quarantined Detections page.
Check for ransomware
First, you should check the quarantine page for threats with the Ransomware category, as this is the most severe type of threat. If you see this category, click on the Threat name to learn more about the detection. Then, look at the endpoint column and identify which devices need to be checked.
Talk with the device owners about avoiding suspicious links and programs, and suggest they change their passwords for added security.
Look for endpoints with multiple detections
Next, search for endpoints with a high number of quarantined items and check whether these endpoints show recurring quarantined file detections. This could indicate repeated access to malicious content.
Ask the respective device owners whether they recognize the quarantined items, then take appropriate action. Talk to these device owners to enforce better security practices.
For example, consider implementing security hardening strategies such as the principle of least privilege as discussed in this blog article.
Handle false positives
Next, review the file locations of each quarantined threat to see if you recognize any items. If you see a program like Microsoft Word in the quarantine list, this may be a false positive. A false positive is when a legitimate file or application is incorrectly flagged as malicious.
If you identify any false positives, use the actions menu to restore them to their original location in an unencrypted state. You can also create an exclusion when restoring the file to prevent it from being detected again. For more information on exclusions, see Nebula exclusions and how it works.
If you are unsure whether a detection is a false positive, contact Support.
Delete quarantined items
CAUTION - Deleted quarantined items cannot be restored.
After reviewing the quarantine for potential false positives, use the actions menu to delete the remaining quarantined items. This removes the files from the device and clears the list so you don't review the same items next time. For more details on the quarantine page, see Manage quarantine in Nebula.