WFBS creates a backup (.ssb) file in ..\Program Files\Trend Micro\Security Agent\BackupAS\Clean_Session__-_1175485229.ssb before cleaning a detected spyware.
To restore the .ssb files:
- On the Security Server, copy the Restorespyware.exe file located in ..\PCCSRV\Admin\Utility\RestoreSpyware directory.
- Go to the Security Agent machine and paste the copied file into the ..\Program Files\Trend Micro\Security Agent directory.
- Still on the Security Agent, click Start > Run.
- Type "cmd" and then click OK to open the command prompt.
- Go to the ..\Program Files\Trend Micro\Security Agent directory and run the command:
Restorespyware "<filename>"
For example: Restorespyware "Clean_Session__-_1175485229.ssb"
You do not have to define the path of the .ssb file as shown in the example above. - Type "Y" then press ENTER to restore the file to its original location.
All files detected as spyware/grayware during that scan session are restored to their original locations.
If the file was detected on a removable drive, make sure to plug a flash drive with the same drive letter and accessible during restoration. - Exclude the file that you restore on all scan types, then run another spyware/grayware scan on the machine.
Exclude the detected spyware name on Real-time, Scheduled, and Manual Scans. Otherwise, when the spyware scan has been triggered, it will delete the application/file again.
- On the Security Server, copy the Restorespyware_64x.exe file located in ..\PCCSRV\Admin\Utility\RestoreSpyware directory.
- Go to the Security Agent machine and paste the copied file into the ..\Program Files\Trend Micro\Security Agent directory.
- Still on the Security Agent, click Start > Run.
- Type "cmd" and then click OK to open the command prompt.
- Go to the ..\Program Files\Trend Micro\Security Agent directory and run this command:
Restorespyware_64x "<filename>"
For example: Restorespyware_64x "Clean_Session__-_1175485229.ssb"
You do not have to define the path of the .ssb file as shown in the example above. - Type "Y" then press ENTER to restore the file to its original location.
All files detected as spyware/grayware during that scan session are restored to their original locations.
If it is detected on a removable drive, make sure to plug a flash drive with the same drive letter and accessible during restoration. - Exclude the file that you restore on all scan types, then run another spyware/grayware scan on the machine.
Exclude the detected spyware name on Real-time, Scheduled, and Manual Scans. Otherwise, when the spyware scan has been triggered, it will delete the application/file again.