You can restore the detected threat content to a cleanroom environment or out-of-place destination to support incident response, validation, and deeper threat analysis without reintroducing risk to production data.
Forensic recovery restores the most recent recovery point with all detected threat content including malware, encryption, and anomalies, enabling security teams to conduct thorough investigation and forensics.
Available restore destinations: Out-of-place or Cleanroom.
Procedure
-
Go to the Resources tab on the Threat Scan page. For more information, see Threat Scan Resources.
-
For the resource you want to restore, click the Action button
, and then select Restore.The Restore wizard appears.
-
Select Forensic.
The available restore options will vary based on what you’re recovering (for example, virtual machines versus file system backups).