Quarantine

Quarantine is a cybersecurity mechanism that isolates suspicious or malicious files and applications to prevent them from spreading or causing harm, enabling safe analysis and remediation.

In cybersecurity, quarantine is a security control mechanism designed to isolate suspicious or malicious files, applications, or network segments from the rest of a system or network. When a threat is detected—such as a potentially infected file, malicious software, or a suspicious network connection—the item is moved to a secure, restricted environment where it cannot execute, spread, or interact with operational systems. This immediate containment prevents malware propagation, unauthorized access, and data exfiltration, serving as a critical first line of defense in incident response.

Beyond containment, quarantine enables security professionals to safely analyze suspicious entities without risking the integrity, confidentiality, or availability of the broader infrastructure. By preserving the threat in a sandboxed or permission-restricted directory, analysts can examine its behavior, determine its origin, and make informed decisions about remediation—whether that involves permanent deletion, restoration of a false positive, or further investigation. This approach strengthens an organization's overall cybersecurity posture by providing a vital buffer between detection and resolution.
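The two paragraphs above describe the mechanism in the abstract: move the item somewhere it cannot run, preserve it for analysis, and later either restore a false positive or delete it. The following Python program is an added example written for this entry, not code from the original page or from any product: a minimal file-quarantine store whose directory layout, manifest format and XOR masking are constructed assumptions. It shows the pieces a practitioner expects from a quarantine: the live file is removed from its original location, stored with an inert extension and no execute bit under an owner-only directory, its content is masked so other signature scanners do not re-flag the store, and a SHA-256 recorded at isolation time is checked before anything is restored, so a quarantined item that was tampered with is refused rather than put back into service.

```python
"""Added example: a minimal file quarantine with isolate / restore / delete."""
from __future__ import annotations

import hashlib
import json
import os
import stat
import tempfile
import uuid
from pathlib import Path

# Constructed obfuscation key (hypothetical). Stored content is XOR-ed so the
# quarantine directory itself is not re-detected by signature scans. This is
# obfuscation against re-scanning, not encryption.
_MASK = 0xA5


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mask(data: bytes) -> bytes:
    # XOR is its own inverse: applying it twice yields the original bytes.
    return bytes(b ^ _MASK for b in data)


class Quarantine:
    """Directory-backed quarantine with a JSON manifest of isolated items."""

    def __init__(self, root: os.PathLike | str):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        os.chmod(self.root, stat.S_IRWXU)  # owner-only access to the store
        self.manifest = self.root / "manifest.json"
        self.entries: dict = (
            json.loads(self.manifest.read_text()) if self.manifest.exists() else {}
        )

    def _save(self) -> None:
        self.manifest.write_text(json.dumps(self.entries, indent=2))

    def _stored(self, entry_id: str) -> Path:
        return self.root / f"{entry_id}.quarantined"  # inert extension

    def isolate(self, path: os.PathLike | str, reason: str) -> str:
        """Move a suspicious file into the store; returns its entry id."""
        src = Path(path).resolve()
        mode = stat.S_IMODE(src.stat().st_mode)  # remembered for restore
        data = src.read_bytes()
        entry_id = uuid.uuid4().hex
        dest = self._stored(entry_id)
        dest.write_bytes(_mask(data))
        os.chmod(dest, stat.S_IRUSR)  # read-only for the owner, never executable
        src.unlink()  # remove from its live location only after the copy exists
        self.entries[entry_id] = {
            "original_path": str(src), "original_mode": mode,
            "sha256": _sha256(data), "size": len(data), "reason": reason,
        }
        self._save()
        return entry_id

    def restore(self, entry_id: str) -> Path:
        """Put a confirmed false positive back, refusing a tampered item."""
        meta = self.entries[entry_id]
        data = _mask(self._stored(entry_id).read_bytes())
        if _sha256(data) != meta["sha256"]:
            raise RuntimeError("quarantined item failed integrity check; not restoring")
        target = Path(meta["original_path"])
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        os.chmod(target, meta["original_mode"])
        self.delete(entry_id)
        return target

    def delete(self, entry_id: str) -> None:
        """Permanently remove an item from the store."""
        stored = self._stored(entry_id)
        os.chmod(stored, stat.S_IRUSR | stat.S_IWUSR)  # deletable on all platforms
        stored.unlink()
        del self.entries[entry_id]
        self._save()


def demo() -> dict:
    """Exercise isolate, restore and tamper detection on constructed sample files."""
    work = Path(tempfile.mkdtemp())
    live = work / "live"
    live.mkdir()
    benign, suspect = live / "report.bin", live / "dropper.bin"
    benign.write_bytes(b"constructed benign content flagged by a heuristic")
    suspect.write_bytes(b"constructed suspicious content; not real malware")
    q = Quarantine(work / "quarantine")
    e1 = q.isolate(benign, "constructed heuristic hit (later judged a false positive)")
    e2 = q.isolate(suspect, "constructed signature match")
    exec_bits = q._stored(e1).stat().st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    isolated = not benign.exists() and not suspect.exists()
    restored = q.restore(e1).read_bytes() == b"constructed benign content flagged by a heuristic"
    tampered = q._stored(e2)  # simulate corruption of the stored item
    os.chmod(tampered, stat.S_IRUSR | stat.S_IWUSR)
    tampered.write_bytes(b"tampered")
    try:
        q.restore(e2)
        tamper_detected = False
    except RuntimeError:
        tamper_detected = True
    q.delete(e2)
    return {"isolated": isolated, "exec_bits": exec_bits, "restored_ok": restored,
            "tamper_detected": tamper_detected, "pending": len(q.entries)}


if __name__ == "__main__":
    print(demo())
```

The manifest is the piece that turns a pile of masked blobs into something an analyst can work with: original path, recorded mode, hash, size and the detection reason are what make a later restore or a retrospective investigation possible. A production implementation would additionally keep the store on a filesystem mounted without execute permission and hold the manifest somewhere the process being contained cannot write.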