Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Deleting archived items from users vault by date without opening the archive - is it possible?

Created: 24 Nov 2013 • Updated: 25 Nov 2013 | 9 comments
Sani B's picture
This issue has been solved. See solution.

Hi,

I need to know if it's possible to somehow delete archived items from a users archive on specific date without opening the archive?

Exporting items by date doesn't give you an option to delete from vault as well as the location exporting does... So can it be done some other way?

Thanks in advance.

Sani B.

Operating Systems:

Comments 9 CommentsJump to latest comment

Sani B's picture

Ok, thanks Rob.
Well another question regarding this thing - is it possible to determin what date range messages is in one vault cache db file? There are bunch of them in the location so is there a way to see what one such file contains?

This is due to an alerterd virus suspicion in one of the files and it needs to be determined if there is such thing in some email that's in the archive and have copied it to the users computer among the vault cached messages...

Sani B.

Rob.Wilcox's picture

The Vault Cache DB files are named per 'quarter' so you can see which date range is from the file name ...  or you can just take a copy of the .db file, rename it to PST and open it in Outlook.

If you antivirus has said that there is a virus in an archived item -- how did it do that? Do you virus scan the vault store partition folders?  (that is against Symantec best practice). 

If you do have a virus alert, it says the user and the subject of the message?

Sani B's picture

I'm sorry - quarter? If the file name is 2012_10_12_0003.db then what range is that?

They have scanned users workstation and there the program has flaged one of the db files as possible location of a trojan... Now I'm trying to somehow scan the messages included to that file and see if it really flags anything or if this might be a mistake... so far 3 users have the same flagging...

Sani B.

Sani B's picture

Quick follow up question about this...

Using the export to pst method I was able to narrow down to a date which items I needed to delete and I deleted those items... After making sure those items are not shown in users archive anymore - I ran the export against that day and it still found the same 10 items as earlier... is this because of the 14 day recovery of deleted messages rule? And the items are not anymore in users archive so that they would be copied to the vault cache files?

Sani B.