Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Restoring files detected as spyware in Worry-Free Business Security (WFBS)

    • Updated:
    • 12 Feb 2015
    • Product/Version:
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2012 Enterprise
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
Summary

Learn the steps on how you can restore files that WFBS detected as false positive spyware.

Details
Public

WFBS creates a backup (.ssb) file in ..\Program Files\Trend Micro\Security Agent\BackupAS\Clean_Session__-_1175485229.ssb before cleaning a detected spyware.

To restore the .ssb files:

  1. On the Security Server, copy the Restorespyware.exe file located in ..\PCCSRV\Admin\Utility\RestoreSpyware directory.
  2. Go to the Security Agent machine and paste the copied file into the ..\Program Files\Trend Micro\Security Agent directory.
  3. Still on the Security Agent, click Start > Run.
  4. Type "cmd" and then click OK to open the command prompt.
  5. Go to the ..\Program Files\Trend Micro\Security Agent directory and run the command:

    Restorespyware "<filename>"

    For example: Restorespyware "Clean_Session__-_1175485229.ssb"

     
    You do not have to define the path of the .ssb file as shown in the example above.
  6. Type "Y" then press ENTER to restore the file to its original location.
    All files detected as spyware/grayware during that scan session are restored to their original locations.
    If the file was detected on a removable drive, make sure to plug a flash drive with the same drive letter and accessible during restoration.
  7. Exclude the file that you restore on all scan types, then run another spyware/grayware scan on the machine.
     
    Exclude the detected spyware name on Real-time, Scheduled, and Manual Scans. Otherwise, when the spyware scan has been triggered, it will delete the application/file again.
  1. On the Security Server, copy the Restorespyware_64x.exe file located in ..\PCCSRV\Admin\Utility\RestoreSpyware directory.
  2. Go to the Security Agent machine and paste the copied file into the ..\Program Files\Trend Micro\Security Agent directory.
  3. Still on the Security Agent, click Start > Run.
  4. Type "cmd" and then click OK to open the command prompt.
  5. Go to the ..\Program Files\Trend Micro\Security Agent directory and run this command:

    Restorespyware_64x "<filename>"

    For example: Restorespyware_64x "Clean_Session__-_1175485229.ssb"

     
    You do not have to define the path of the .ssb file as shown in the example above.
  6. Type "Y" then press ENTER to restore the file to its original location.
    All files detected as spyware/grayware during that scan session are restored to their original locations.
    If it is detected on a removable drive, make sure to plug a flash drive with the same drive letter and accessible during restoration.
  7. Exclude the file that you restore on all scan types, then run another spyware/grayware scan on the machine.
     
    Exclude the detected spyware name on Real-time, Scheduled, and Manual Scans. Otherwise, when the spyware scan has been triggered, it will delete the application/file again.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
1034769
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.