I'd like to know if the encrypted files that are created when you select "Backup files before attempting to repair them" can be unencrypted and recovered in case of a forensic requirement?
Also, what encryption method is used.
Thanks in advance.
I'm not sure about that; :)
have a look at this discussion
https://www-secure.symantec.com/connect/forums/need-info-about-structure-symantec-quarantine-files-vbn
You can restore items from quarantine in the client ui, however restoring a known bad file (or even suspicious one) is not a good idea.
Thanks for taking the time to answer. We are moving away from "Clean then Quarantine" to "Clean then Delete" in our client policy so that would not be an option Ben, not that we would ever do it anyway. Our IT Security department want to know if the file that is backed up and encrypted before the Clean and Delete is performed could be copied off to an isolated machine and unencrypted for forensic purposes. I don't see this ever having to happen but they've asked me to try and find out.
Thanks again.