[doc] Noted blocklisted files are quarantined (#5918)

rseldner · joepeeples · web-flow · commit 6e01499059ed · 2024-10-16T07:35:01.000-07:00
* Update configure-integration-policy.asciidoc - Noted we quarantine blocklisted files

Explicitly noted block listed files are quarantined

* Fix typo

* Apply change to serverless docs

---------

Co-authored-by: Joe Peeples &lt;joe.peeples@elastic.co&gt;
diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc
@@ -84,7 +84,7 @@ image::images/install-endpoint/malware-protection.png[Detail of malware protecti
 [[manage-quarantined-files]]
 === Manage quarantined files
 
-When *Prevent* is enabled for malware protection, {elastic-defend} will quarantine any malicious file it finds. Specifically {elastic-defend} will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`.
+When *Prevent* is enabled for malware protection, {elastic-defend} will quarantine any malicious file it finds (this includes files defined in the <<blocklist>>). Specifically {elastic-defend} will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`.
 
 The quarantine folder location varies by operating system:
 
diff --git a/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx b/docs/serverless/edr-install-config/configure-endpoint-integration-policy.mdx
@@ -103,7 +103,7 @@ Endpoint Protection Complete customers can customize these notifications using t
 
 ### Manage quarantined files
 
-When **Prevent** is enabled for malware protection, ((elastic-defend)) will quarantine any malicious file it finds. Specifically ((elastic-defend)) will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`.
+When **Prevent** is enabled for malware protection, ((elastic-defend)) will quarantine any malicious file it finds (this includes files defined in the <DocLink slug="/serverless/security/blocklist">blocklist</DocLink>). Specifically ((elastic-defend)) will remove the file from its current location, encrypt it with the encryption key `ELASTIC`, move it to a different folder, and rename it as a GUID string, such as `318e70c2-af9b-4c3a-939d-11410b9a112c`.
 
 The quarantine folder location varies by operating system:
 
