Endpoint Protection

  • 1.  SEP: Restore Files from Quarantine in Linux

    Posted Dec 12, 2017 05:03 PM

    I have not had this issue come up yet, but I need to know how to restore files from quarantine in Linux.  Everything I find uses Windows, but we run CentOS.  I found the quarantine in /var/symantec/Quarantine, but the files are changed so that they cannot simply be moved.  I am currently testing SEP in Linux and need to know that if it quarantines a part of customer data, it can be recovered.  An exception would also need to be added for the file.  As I understand it, this can only be done through SEPM.  Is there an easier way?

    Basically, I need this article for Linux.

    Thanks!



  • 2.  RE: SEP: Restore Files from Quarantine in Linux
    Best Answer

    Posted Dec 12, 2017 07:31 PM
    The command line switches for managing the quarantine in SEPFL are in this article: http://www.symantec.com/docs/HOWTO101754


  • 3.  RE: SEP: Restore Files from Quarantine in Linux
    Best Answer

    Posted Dec 13, 2017 09:40 AM

    ...Well, that solves basically every question I've had about this program hitherto.  I wish I had found that article sooner.  Thanks!

    Since links have a way of going dead (as anybody who's tried to maintain a legacy HP-UX system can probably relate), the solution I found in the link is:


    sav quarantine -l|--list

    Lists all the items that are in the local Quarantine.

    sav quarantine -d|--delete id

    Deletes the specified item from the Quarantine. To view the id of an item, list the items that are in the Quarantine. --delete, --restore, --repair, and --info accept a regular expression in place of id. When using a regular expression, make sure that special characters are properly escaped. For example, use sav quarantine -d "*", not sav quarantine -d *.

    sav quarantine -r|--restore id

    Restores the quarantined item that is specified. To view the id of an item, list the items that are in the Quarantine.

    sav quarantine -p|--repair id

    Attempts to repair the quarantined item that is specified. To view the id of an item, list the items that are in the Quarantine.

    sav quarantine -i|--info id

    Provides detailed information about the quarantined item that is specified. To view the id of an item, list the items that are in the Quarantine.


    Note that sav is found in /opt/Symantec/symantec_antivirus.
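
Added example, not part of the thread or of Symantec's documentation: a small shell wrapper for the restore step that accepts exactly one literal id, because --restore takes a regular expression in place of id and an unquoted or over-broad pattern can match more items than intended. The function names and the allowed id character set are assumptions; SAV defaults to the path noted above.

```shell
#!/bin/sh
# Guarded single-item restore from the SEP for Linux quarantine (added example).
# SAV defaults to the install path given in the thread; override it if yours differs.
SAV="${SAV:-/opt/Symantec/symantec_antivirus/sav}"

# is_literal_id ID -> status 0 if ID contains no glob or regex metacharacters.
# Assumption: ids are plain tokens of letters, digits, '_' and '-'. The id format
# is not shown on the page; confirm it against `sav quarantine -l` output.
is_literal_id() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;   # empty, option-like, or metacharacters
        *) return 0 ;;
    esac
}

# restore_one ID: print details for one quarantined item, then restore it.
# Return codes: 2 = wrong argument count (e.g. an unquoted * expanded by the shell),
#               3 = ID would be interpreted as a pattern or an option,
#               4 = --info failed, so nothing was restored.
restore_one() {
    if [ "$#" -ne 1 ]; then
        echo "usage: restore_one ID   (got $# arguments; was a wildcard left unquoted?)" >&2
        return 2
    fi
    if ! is_literal_id "$1"; then
        echo "refusing '$1': not a literal id, sav would treat it as a regular expression" >&2
        return 3
    fi
    # Review what is about to come back out of quarantine before restoring it.
    "$SAV" quarantine --info "$1" || return 4
    "$SAV" quarantine --restore "$1"
}

# Typical use after sourcing this file:
#   sav quarantine --list        # find the id
#   restore_one <id>             # inspect, then restore that one item
```

The wrapper covers only the restore; the exception the original question mentions still has to be added separately.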



  • 4.  RE: SEP: Restore Files from Quarantine in Linux

    Posted Dec 13, 2017 09:41 AM

    You're welcome.