What prevention policy settings must be enabled to quarantine files on the host?

To quarantine files, Falcon requires the relevant Next-Gen Antivirus prevention capability and the quarantine setting. The correct pairing is Next-Gen Antivirus Prevention sliders with Quarantine & Security Center Registration . Quarantine does not operate independently; Falcon must first prevent the file through NGAV-related controls such as cloud or sensor machine-learning prevention. Once prevention occurs, the quarantine setting governs whether the prevented executable is quarantined on the host. Custom Execution Blocking is related to IOC-based blocking, not the general NGAV quarantine requirement. “Advanced Remediation Actions” and an “Aggressive quarantine level” are not the documented configuration pair. The course guide identifies quarantine under Next-Gen Antivirus and ties it to prevention-level configuration and Security Center registration.