Quarantine

Quarantine isolates a suspect file, host, or account so it can’t cause further harm while it’s investigated — a containment action that deliberately preserves the item as evidence rather than deleting it. EDR products quarantine malicious files automatically and can network-isolate an endpoint with one click, dramatically shrinking blast radius in the critical first minutes.