Endpoint Protection

  • 1.  Can not restore from Quarantine a false positive

    Posted Aug 22, 2011 11:01 AM

    Hi,

    I have a SEP11 RU6 MP3 client that has deleted a critical file on our server. The file is from CrypKey Software.

    I have tried doing a Restore from the GUI and it does not work; it says that there was a problem. Then, using qextract from the CD, it says that the file may already exist. I even used the /overwrite switch.

    Then I moved the files to another server and qextract says that cliproxy.dll is not registered.

    How can I restore that file? Should I contact Symantec? Why does Restore from Quarantine not work?

     

    Thanks

    Oliver



  • 2.  RE: Can not restore from Quarantine a false positive

    Posted Aug 22, 2011 11:12 AM

    Can you copy the file from the quarantine folder? The folder will not have any permissions, so give it permission and select that file.

     

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine

     


  • 3.  RE: Can not restore from Quarantine a false positive

    Trusted Advisor
    Posted Aug 22, 2011 11:36 AM

    Hello,

    Since you have followed the steps from the article http://www.symantec.com/docs/TECH150607, I would now suggest that you follow the steps provided in the article:

    Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe

    Submit the same False Positive File to the Symantec Security Response Team by:

    https://submit.symantec.com/false_positive  and 

    https://submit.symantec.com/essential and

    Create a case with Symantec Technical Support Team.

     

    By that time, request you to check this Article:

    http://www.symantec.com/docs/TECH106443

     

    I am sure this may help you!!!



  • 4.  RE: Can not restore from Quarantine a false positive

    Posted Aug 22, 2011 12:41 PM

    Hi,

    I can not use Qextract or the GUI to restore the quarantined file. I get errors in each step of this TECHDOC:

    http://www.symantec.com/docs/TECH105602

     

    With Qextract RU6 MP3 I get an error message like 0x000021d; in the GUI it just says that I can not restore the file, that an error occurred.

    Any additional help is welcomed.

     

    Thanks

    Oliver



  • 5.  RE: Can not restore from Quarantine a false positive

    Posted Aug 22, 2011 04:51 PM

    Here is a screenshot; there is an error code in the qextract command.

     

    This error happens in safe mode and normal boot.



  • 6.  RE: Can not restore from Quarantine a false positive

    Posted Aug 22, 2011 04:52 PM

    Hi,

    Yes, I have access to the Quarantine folder. I can send it to you or Symantec.

     

    Regards,

    Oliver



  • 7.  RE: Can not restore from Quarantine a false positive
    Best Answer

    Posted Aug 24, 2011 10:16 PM

    If it is a managed client, try to create a test group, move that particular client to that group, and apply a new AV & AS policy; try to disable the File System Autoprotect for that group alone.

    Now you will be able to restore the file which is a false positive.



  • 8.  RE: Can not restore from Quarantine a false positive

    Posted Aug 25, 2011 12:06 PM

    Thanks, it's a managed client.