Endpoint Protection

  • 1.  How to get a file out of quarantine?

    Posted Jan 11, 2012 09:39 AM

    I would like to get two files out of quarantine.

    I am just a software engineer, not part of the IT department.  I have put a request in for the files to be added to the exception list, but I don't really want to wait on them as it may take a while for them to get to it.

    Two files got quarantined that are OK.  The software they come from is from a trusted source.

    Quarantined by Bloodhound.Sonar.1. 

    Maybe I should just reinstall the files and add them to the Centralized Exception list?  Assuming I have the permissions to do so.  And lower the Trojan & Worm sensitivity to ??? It was set at 100. 

    Using SEP 11.0.6005.562.

    Defs - Tuesday, January 10, 2012 r1

    Thanks!



  • 2.  RE: How to get a file out of quarantine?



  • 3.  RE: How to get a file out of quarantine?

    Posted Jan 11, 2012 10:43 AM

    Please find the steps to do it:

    Files can be restored from Quarantine manually via the product GUI.

    File Restoration from the client GUI:
    1. Open the Symantec Endpoint Protection interface.
    2. From the left-hand side menu, select View Quarantine.
    3. Highlight the item in Quarantine, and choose Restore.
    4. Confirm the restore when prompted 'Are you sure you want to restore the selected files?': choose Yes.

    For more information, follow the link:

    http://www.symantec.com/business/support/index?page=content&id=TECH150607



  • 4.  RE: How to get a file out of quarantine?

    Posted Jan 11, 2012 11:31 AM

    Hi pmanasfd,

    If they were detected as Bloodhound.Sonar.1, it looks like Proactive Threat Protection (PTP, aka PTS and TruScan) is what detected them rather than a signature-based detection.

    The following document has some good advice on how to prevent false positives with SEP's heuristic technologies: definitely worth a read!

    Sizing and Scalability Recommendations for Symantec Endpoint Protection Rev 2.3
    http://clientui-kb.symantec.com/resources/sites/BUSINESS/content/staging/DOCUMENTATION/4000/DOC4448/en_US/1.0/Endpoint%20Protection%20Sizing%20and%20Scalability%20Best%20Practices_%20v2.3.pdf

    Final note: SEP 11 RU6 is quite old; I really recommend upgrading to RU7 MP1 or to the new SEP 12.1.

    Hope this helps!