Learn the different ways to restore files that were quarantined by the WFBS-SVC Agent.
Whenever the Agent backs up, quarantines, or renames an infected file or attachment, it encrypts the file/attachment. This is done to prevent users from opening these files and spreading the virus/malware to other files on the client.
Quarantined files and backup files are stored in the following folders:
- ..\Program Files\Trend Micro\Client Server Security Agent\Suspect
- ..\Program Files\Trend Micro\Client Server Security Agent\Backup\
Restore the quarantined file via GUI (Windows)
- Log on to the WFBS-SVC console.
- Download the Restore Encrypted Virus tool. Go to Administration > Tools > Restore Encrypted Virus.
The Restore Encrypted Virus tool requires the following files:
- Main file: VSEncode.exe
- Required DLL file: VSAPI32.dll
- Go to the folder where the tool is saved (for example: c:\VSEncrypt) and enter VSEncode.exe /u.
- Select the file you want to restore.
- Click Restore.
For a Mac device
You can still restore an infected file after it has been detected and quarantined. However, it will be detected and quarantined again after the file is restored. This results in a loop.
To avoid this issue, first add the file to the virus exception list by following the steps below:
- Log in to the WFBS-SVC console.
- Go to Devices and choose the Group name where the Mac device belongs.
- Click Configure Policy and go to the Mac tab.
- Untick the Enable real-time Antivirus/Anti-spyware option.
- On the Scan Target field, select Scan files being retrieved or executed.
- Click Enable Exclusions and add the file being restored to the exclusion list.
- Add the restored target directory to the exclusion list.
- Restore the file.