March 12, 2025—The "Collect Quarantined File" action is now available in context menus
within Workbench, Observed Attack Techniques, or XDR Data Explorer.
Streamline your incident response with new quarantined file actions available across
multiple investigation workflows. When investigating alerts and insights in Workbench,
Observed Attack Techniques, or XDR Data Explorer, the system automatically detects
quarantined files and displays the "Collect Quarantined File" action in context menus,
replacing standard file collection for files quarantined by Standard Endpoint Protection
and Server & Workload Protection. You can also restore or delete quarantined files
from Endpoint Event Viewer using the Anti-Malware Identified file event view.
For more information about Endpoint Event Viewer, see Endpoint Event Viewer.