File Remediation

Remediating Files

You can view files and manually perform remediation on them

All remediations in the system can be disabled on request.

  1. Access the Files page, expand the desired file, and click .

    The file manager menu opens.

  2. Select one of the options.

    Notes:

    • You must have read permissions to view a file.

    • You can also apply an MIP label from the Data Security pane of the expanded file (see MIP Labeling).

    • After performing a remediation, the remediation information is displayed in the status bar of the expanded file information (see Remediation Information).

Quarantine

The first time a file is quarantined from your site, a dedicated folder is created and all quarantined files are copied to this site.

Unified Quarantine Space

The quarantine space stores quarantined and shadow-copied files, accessible by only authorized users.

Based on the SaaS applications you’ve connected to CASB, quarantine space can be hosted on one or both of the following:

  • Microsoft 365 (as a SharePoint site): A dedicated SharePoint site named Proofpoint Quarantine is created. All quarantined files are copied to this site.

    An email is sent to the group members, letting them know that they were added to the quarantine group.

  • Google Workspace (as a Shared Drive): A dedicated share drive share drive named Proofpoint Quarantine is created and your quarantined files are quarantined to this site.

Quarantined or shadow-copied files across the different applications are stored in the unified quarantine space. For example, if you have Microsoft 365 and Salesforce, quarantined Salesforce files will be copied to the Microsoft 365 quarantine space.

In case you have both Microsoft 365 and Google Workspace, you will be able to choose what application (Microsoft 365 or Google Workspace) will host your unified quarantine space via a configuration page.

This only applies to non-Microsoft 365 and non-Google Workspace files.
Microsoft 365 files will always quarantined or shadow-copied within Microsoft 365, and similarly, Google Workspace files will always quarantined or shadow-copied within Google Workspace.

Access to Quarantine Space

Access to quarantine space is controlled automatically or manually. Access is configured from the Quarantine Configuration Space page.

Automatic Access

Automatic Access to the quarantine space is controlled by the Information Protection Platform’s access policies. All platform users with the following Access Policies are granted automatic access to the quarantine space, to view quarantined files or files that were shadow copied:

  • Full Administration
  • Full View
  • Activity Exploration
  • CASB Application Full Administration
  • Activity Unredacted Snippet View
  • Activity Snippet View

Similarly, if platform users with the above access policies are removed from the platform or their access policies change, their access to the quarantine space is automatically removed.

Manual Access

Lets you define who can manage the quarantine space from the Quarantine Space Configuration page.

Quarantine Space Configuration

Quarantine Space Configuration page is accessed from the CASB Application > Setup Configurations > Quarantine Space Configuration.

You can configure:

  • Unified Quarantine Space: Select your unified quarantine space - Google Workspace or Microsoft SharePoint

  • Microsoft 365/ Google Workshop Quarantine Settings: Enable/Disable automatic access management. For the relevant spaces, select Automatic or Manual

File Remediation for Salesforce and Slack and Unified Quarantine Space

File remediations are available for Salesforce and Slack, allowing you to mitigate data risks in those applications:

Salesforce: Quarantine File, Shadow Copy

Slack: Quarantine and Tombstone file, Shadow Copy

You must have Microsoft 365 or Google connect to use this feature. The file is copied to the unified quarantine space.

Quarantined File Review

You can review a quarantined or shadow copied file by using a dedicated link provided directly in the Analytics > Alerts.

When you quarantine or shadow copy a file, the Review File control is available to open the file in a Google Workspace online viewer.

This enhancement streamlines your triaging process by giving you click one-click access to the file for prompt review.