Quarantine Management
Safely isolate, review, and manage suspicious files in quarantine.
Quarantine Management
The quarantine system provides a safe way to isolate suspicious files without permanently deleting them.
How Quarantine Works
When you quarantine a file:
- The file is moved from its original location to a protected quarantine directory
- The file is renamed with a random hash to prevent direct execution
- An
.htaccessrule denies all web access to the quarantine directory - The original file path, timestamp, and detection details are recorded
The file is completely isolated from your store — it can't be accessed by visitors or executed by the web server.
Quarantine Actions
View — Read the file's content directly in the module interface. Useful for analyzing suspected malware.
Edit — Modify the file's content before restoring. Use this to clean malicious code from an otherwise legitimate file.
Restore — Move the file back to its original location. Use when you determine a quarantined file is safe (false positive).
Delete — Permanently remove the file from the quarantine. Use for confirmed malware you no longer need to review.
Audit Trail
Every quarantine action is logged:
- When the file was quarantined
- Who quarantined it (which admin user)
- If/when it was restored or deleted
- Original detection category and severity
Best Practices
- Quarantine first, investigate later — When in doubt, quarantine. You can always restore.
- Review quarantined files regularly — Don't let quarantine become a permanent storage. Review and either restore or delete.
- Use the editor for cleanup — If a legitimate file contains injected code, edit out the malicious portion before restoring.
- Check your store after quarantine — Some quarantined files might be needed by your store. If something breaks, check the quarantine for recently isolated files.