Restore Quarantine files. how to.
Updated: 26 Jan 2012 | 8 comments
This issue has been solved. See solution.
Hi Team,
I would like to restore quarantine files from SEPM console & how to from client system.
Please help!
Jayant salunkhe
Discussion Filed Under:
Comments
Restore from quarantine
> Go to SEP and select View quarantine
> select the file and click on Restore
If it returns to Quarantine when accessing, restore again then disable SEP and submit a copy for false positive.
https://submit.symantec.com/false_positive/
“Your most unhappy customers are your greatest source of learning.”
Hi,You ca
Hi,
Please go through the below article which describes the best practices for Managing the Quarantine:
Managing the Quarantine:
http://www.symantec.com/docs/HOWTO55236
Restoring a false positive file detection from the Symantec Endpoint Protection quarantine:
http://www.symantec.com/docs/TECH150607
2nd link is exactly what you want:
Files can be restored from Quarantine manually via the product GUI or using the tool Qextract for Symantec Endpoint Protection 11.0
File Restoration from the client GUI:
1. Open the Symantec Endpoint Protection interface.
2. From the left-hand side menu Select View quarantine
3. Highlight the item in Quarantine, and choose Restore.
4. Confirm Restore when prompted to do so 'Are you sure you want to restore the selected files'?, choose Yes.
File Restoration using QExtract:
Symantec has a unsupported tool called QExtract, located under Tools\NoSupport folder of the installation CD.
Please carefully review the QuarantineExtract.html file that comes with the tool on how to use it.
This utility can be used to restore files from multiple systems
Hope this helps you!!
Regards,
Avkash K
Open SEP-->go to View
Open SEP-->go to View Quanantine in left hand side---> select files which needs to be removed--->Clieck on Restore.
For more information on how to manage quarantine files.
How to Manage Quarantined files:
http://www.symantec.com/docs/TECH106443
Thanks & Regards,
AR Sharma,
IBM Certified System Admin- Lotus Domino V7
ITIL V2 Certified
Which Detections?
HI Jayant,
Is this in SEP 11 or SEP 12.1? What were these quarantined files detected as, and do you believe that they were False Positives (healthy, clean files mistakenly detected)?
Many thanks!
With thanks and best regards,
Mick
If we submitted for false
If we submitted for false positives why no reply from symantec..
Thanks & Regards,
Srikanth.S
"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)
For faster results...
If you want faster results, you could open a case with Symantec.
Although I have tried submitting using the link I have provided. I submitted a copy of CleanWipe 6.2 that is being detected as Suspicious.Cloud.2 and the dispute was solved in less than 6 hours.
So I'm guessing that depending on the uniqueness of the file you have submitted, it could take a while unless you called support, then you could get results in less time.
“Your most unhappy customers are your greatest source of learning.”
Ok..Then i want to submit our
Ok..Then i want to submit our wireless exe as false positive..but never helped.
Thanks & Regards,
Srikanth.S
"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)
^_^
I'm assuming that the file is related to some wireless communication device and has already been whitelisted on Symantec. But you may also want to check the firewall settings if the particular exe that probably opens a communication port is allowed on your policy.
What was the reported threat from the exe file?
“Your most unhappy customers are your greatest source of learning.”
Would you like to reply?
Login or Register to post your comment.