After rules are applied to VM groups, based on the protection level and tag set by partners, there might be VMs that are identified as infected that need to be quarantined.

Partners use the API with tag virus_found=true to tag VMs that are infected. Affected VMs are attached with the virus_found=true tag.

As an administrator, you can create a pre-defined quarantine group based on tag with virus_found=true value, such that the group gets populated with infected VMs as and when they are tagged. As an admin, you might choose to set specific firewall rules for the quarantine group. You can set firewall rules for the quarantine group. For example, you might choose to block all traffic incoming and outgoing from the quarantine group.