This article discusses the following questions regarding query fields (e.g. Infected Files/Objects, Security Threat, File Path) under Agents > Agent Management > Tasks > Central Quarantine Restore in the OSCE web console:
- Are query fields strict, or do they use prefix/postfix matching?
- Do query fields support wildcards?
The search string is strict, i.e. it must be an exact match. The query fields do not support wildcards.
Inputs for the fields are as follows:
- Infected Files/Objects: File Name
- Security Threat: Detection Name (e.g. BKDR_XXXX.XXX)
- File Path: Path under which the subject files were detected
For example, after the file [C:\temp\eicar.com.txt] has been detected and quarantined, enter the following input to restore it:
- Infected Files/Objects: eicar.com.txt
- Security Risk: Eicar_test_1
- File Path: C:\temp\
You can leave the following fields empty when searching the quarantined files:
However, if you want to search for [C:\temp\eicar.com.txt], which was detected under C:\temp\, you cannot use the following search phrase:
File Path: C:\