Hi, thanks for all the answers, it shed some light upon this issue.
The end aim is to get an executable binary on the smb share ready for analysis. I could extract the files in %Program Files%\Symantec\Quarantine\Server\Submissions, and transmit them to a client with SEP Client installed, extract the compressed files with either QExtract or SEPQuarantineTool and then transmit the binaries to my smb share. This might be the best possible way of doing this?
Backup is not the purpose, I'm interested in obtaining the binary, info regarding: where on the filesystem it was detected, detection timestamp, a hash of the detected binary would be great (but I'm pretty certain that Symantec doesnt support it) and perhaps Symantec's malware classification (spyware/trojan/dropper/etc..).
The QServer contain all of this information (except the hash) so I assume that its bundled with the compressed file before its transmitted to the QServer. Is that a fair assumption?
I'm basically looking for Symantec QServer's counterpart to Microsofts mpcmdrun.exe, if there is one.