Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Restoring quarantined files in Worry- Free Business Security Services (WFBS-SVC)

    • Updated:
    • 10 Sep 2019
    • Product/Version:
    • Worry-Free Business Security Services 5.7
    • Worry-Free Business Security Services 6.1
    • Worry-Free Business Security Services 6.2
    • Worry-Free Business Security Services 6.3
    • Worry-Free Business Security Services 6.5
    • Worry-Free Business Security Services 6.6
    • Worry-Free Business Security Services for Dell 5.6
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Home Server
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2003 Standard
    • Windows 2008 Essential Business Server
    • Windows 2008 Server R2
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2011 Small Business Server Standard
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
Summary

Know the different ways on how you can restore files that were quarantined by the WFBS-SVC Agent.

Details
Public

Whenever the Agent backs up, quarantines, or renames an infected file or attachment, it encrypts the file/attachment. This is done to prevent users from opening these files and spreading the virus/malware to other files on the client.

Quarantined files and backup files are stored in the following folders:

  • ..\Program Files\Trend Micro\Client Server Security Agent\Suspect
  • ..\Program Files\Trend Micro\Client Server Security Agent\Backup\
 
Decrypting an infected file could spread the virus/malware to other files.

Restore the quarantined file via GUI (Windows)

  1. Log on to the WFBS-SVC console.
  2. Go to Administration Tools > Restore Encrypted Virus and click Download the tool.

    The Restore Infected Files tool requires the following files:

    • Main file: VSEncode.ex
    • Required DLL file: VSAPI32.dll
  3. Extract the downloaded compressed file.
  4. Go to the folder where the tool is saved (for example: c:\VSEncrypt) and enter VSEncode.exe /u.
  5. Select the file you want to restore.
  6. Click Restore.

Setting up exclusions

You can still restore an infected file after it has been detected and quarantined. However, it will be detected and quarantined again after the file is restored. This results in a loop.

To avoid this issue, first, add the file in the virus exception list by following these steps:

  1. Log on to the WFBS-SVC console.
  2. Go to Security Agents and choose the Group name where the device belongs to.
  3. Click Configure Policy and go to the Windows tab by clicking the Windows logo.
  4. Under Real-Time Scan/Scheduled Scan/Manual Scan, specify the Folder path where you want to save the restored files.
  5. Click Save then wait for 5-15 minutes for the exclusions to be applied to your agents.
  6. Restore the files using VSEncode.exe on the target machine where the exclusions were applied.
Premium
Test Now
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1096302
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.