Restoring Quarantined Files In Guard Dog

5/5/2021 | Author: Trend Micro
Categories: Anti-Virus, Worry-Free Business Security Services

Whenever the Agent backs up, quarantines, or renames an infected file or attachment, it encrypts the file/attachment. This is done to prevent users from opening these files and spreading the virus/malware to other files on the client.

Quarantined files and backup files are stored in the following folders:

  • ..\Program Files\Trend Micro\Client Server Security Agent\Suspect
  • ..\Program Files\Trend Micro\Client Server Security Agent\Backup\

Decrypting an infected file could spread the virus/malware to other files.

Restore the quarantined file via GUI (Windows)

Do either of the following:

  • Option 1

    1. Log on to the WFBS-SVC console.
    2. Go to Administration Tools > Endpoint Tools > Restore Infected Files and click Download the tool.

      The Restore Infected Files tool requires the following files:

      • Main file: VSEncode.exe
      • Required DLL file: VSAPI32.dll
    3. Extract the downloaded compressed file.
    4. Go to the folder where the tool is saved (for example: c:\VSEncrypt) and double-click VSEncode.exe /u.
    5. Select the file you want to restore.
    6. Click Restore.
  • Option 2

    1. Run CMD as Administrator.
    2. Change Directory to the folder where the tool was saved (for example: cd c:\VSEncrypt).
    3. Enter the following command:

      VSEncode.exe /u

    4. Select the file you want to restore.
    5. Click Restore.

Setting up exclusions

You can still restore an infected file after it has been detected and quarantined. However, it will be detected and quarantined again after the file is restored. This results in a loop.

To avoid this issue, first add the file to the virus exception list by following these steps:

  1. Log on to the WFBS-SVC console.
  2. Go to Security Agents and choose the Group name that the device belongs to.
  3. Click Configure Policy and go to the Windows tab by clicking the Windows logo.

  4. Under Real-Time Scan/Scheduled Scan/Manual Scan, specify the Folder path where you want to save the restored files.
  5. Click Save, then wait 5-15 minutes for the exclusions to be applied to your agents.
  6. Restore the files using VSEncode.exe on the target machine where the exclusions were applied.
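
The following PowerShell pre-flight script is an added example, not part of the original article or of Trend Micro's tooling. It checks the conditions the steps above depend on before launching VSEncode.exe /u, then records SHA-256 hashes of the files that appear in the restore folder. Assumptions: -RestoreDir and -ExcludedFolders are typed in by the operator to mirror the folder paths saved in the console policy (the script cannot confirm that the policy has reached the agent), and restored files are saved into -RestoreDir.

```powershell
# Added example. Run from an elevated PowerShell session and pass absolute paths.
param(
    [string]$ToolDir = 'C:\VSEncrypt',               # example folder used in the article
    [Parameter(Mandatory)][string]$RestoreDir,       # assumption: where restored files are saved
    [Parameter(Mandatory)][string[]]$ExcludedFolders # assumption: copied by hand from the policy
)

function Get-NormalizedDir([string]$Path) {
    # Full path with exactly one trailing separator, so C:\Restore never matches C:\RestoreOld
    [IO.Path]::GetFullPath($Path).TrimEnd('\') + '\'
}

function Test-UnderExclusion([string]$Dir, [string[]]$Exclusions) {
    $d = Get-NormalizedDir $Dir
    foreach ($e in $Exclusions) {
        $root = Get-NormalizedDir $e
        if ($d.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$problems = @()
foreach ($f in 'VSEncode.exe', 'VSAPI32.dll') {      # both files are required by the tool
    if (-not (Test-Path -LiteralPath (Join-Path $ToolDir $f) -PathType Leaf)) {
        $problems += "Missing $f in $ToolDir"
    }
}
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $problems += 'Session is not elevated (Option 2 runs the tool as Administrator)'
}
if (-not (Test-Path -LiteralPath $RestoreDir -PathType Container)) {
    $problems += "Restore folder not found: $RestoreDir"
} elseif (-not (Test-UnderExclusion $RestoreDir $ExcludedFolders)) {
    $problems += 'Restore folder is outside the listed exclusions; restored files would be quarantined again'
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }

# Snapshot the folder, open the restore tool, then hash whatever is new for the incident record.
$before = @(Get-ChildItem -LiteralPath $RestoreDir -File | Select-Object -ExpandProperty FullName)
Start-Process -FilePath (Join-Path $ToolDir 'VSEncode.exe') -ArgumentList '/u' `
    -WorkingDirectory $ToolDir -Wait
Get-ChildItem -LiteralPath $RestoreDir -File |
    Where-Object { $before -notcontains $_.FullName } |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Path, Hash
```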

Download: Vsencrypt