Does any one have recommendations or best practices for configuring quarantine directories for Network Protect Scans of File Shares? I'm currently configuring scans of file shares with an automated response rule to quarantine files that violate policy.
I'm debating on whether it would be best to create a single secure location to which files can be quarantined by all of my scans (since by default Symantec DLP will create a folder structure including the scan name + source folder structure). Alternatively, I was considering creating a "Quarantine" folder on each of the target file systems and then restricting access to that directory
Option 1 - Centralized Quarantine Location
- Only one quarantine path can be defined per file system target. As such, this configuration would require fewer file system targets to be created as all files would be quarantined to the same path.
- Potential for increased network traffic as quarantined files would need to be copied from the target file system to the quarantine path.
- Reduced administration for managing permissions of a single quarantine location.
Option 2 - Decentralized Quarantine Locations
- Only one quarantine path can be defined per file system target. As such, a separate target would have to be defined for each file share so that the proper quarantine path could be defined.
- Potential for reduced network traffic as files can remain on the target file system as long as the quarantine folder can be appropriately secured.
- Increased administration for managing permissions of multiple quarantine locations.
I may be missing something completely here as I am just starting to configure quarantine scans of file shares. Any recommendations or shared experiences would be appreciated.
Thanks!