We would like to raise an enhancement request for the quarantine settings on SEPM. We would like the SEPM to have a setting that could prevent users or local admin from deleting or restoring items that are quarantined.
We logged a case before and was recommend to the the following:
Lockdown on the SEP by having a password
Set malware to be deleted instead of quarantine.
The password option is not viable as users or local admin need to use the SEP interfaceto run Liveupdate or check their definition version.
We do not want the malware to be deleted instead of quarantine as we might need to extract the malware for analysis for more information.
Thank you.