Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Restoring quarantined files in Worry- Free Business Security Services (WFBS-SVC)

    • Updated:
    • 15 Apr 2016
    • Product/Version:
    • Worry-Free Business Security Services 5.7
    • Worry-Free Business Security Services for Dell 5.6
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Home Server
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2003 Standard
    • Windows 2008 Essential Business Server
    • Windows 2008 Server R2
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2011 Small Business Server Standard
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
Summary

Know the different ways on how you can restore files that were quarantined by the WFBS-SVC Agent.

Details
Public

Whenever the Agent backs up, quarantines, or renames an infected file or attachment, it encrypts the file/attachment. This is done to prevent users from opening these files and spreading the virus/malware to other files on the client.

Quarantined files and backup files are stored in the following folders:

  • ..\Program Files\Trend Micro\Client Server Security Agent\Suspect
  • ..\Program Files\Trend Micro\Client Server Security Agent\Backup\
 
Decrypting an infected file could spread the virus/malware to other files.

For a Windows device

To restore the quarantined file back to its original state, do either of the following:

  1. Log on to the WFBS-SVC console.
  2. Download the Restore Encrypted Virus tool. Go to Adminstration > Tools > Restore Encrypted Virus.

    The Restore Encrypted Virus tool requires the following files:

    • Main file: VSEncode.ex
    • Required DLL file: VSAPI32.dll
  3. Go to the folder where the tool is saved (for example: c:\VSEncrypt) and enter VSEncode.exe /u.
  4. Select the file you want to restore.
  5. Click Restore.
  1. Copy VSEncrypt to the client.

     
    Do not copy the VSEncrypt folder to the ..\Client Server Security Agent folder. The VSAPI32.dll file of Restore Encrypted Virus will conflict with the original VSAPI32.dll.
  2. Open a command prompt and go to the location where you copied the VSEncrypt folder.
  3. Run the Restore Encrypted Virus using the following parameters:
    • no parameter: Encrypt files in the Quarantine folder-d: Decrypt files in the Quarantine folder
    • -debug: Create debug log and output in the root folder of the client
    • /o: Overwrite encrypted or decrypted file if it already exists
    • /f: {filename}. Encrypt or decrypt a single file
    • /nr: Do not restore original file name

    For example, you can type VSEncode [-d] [-debug] to decrypt files in the Quarantine folder and create a debug log. When you decrypt or encrypt a file, the decrypted or encrypted file is created in the same folder.

    Be reminded that you may not be able to encrypt or decrypt files that are locked.

For a Mac device

You can still restore an infected file after it has been detected and quarantined. However, it will be detected and quarantined again after the file is restored. This results in a loop.

To avoid this issue, add first the file in the virus exception list by following the steps below:

  1. Log in to WFBS-SVC console.
  2. Go to Devices and choose the Group name where the MAC device belongs.
  3. Click Configure Policy and go to the Mac tab.
  4. Untick the Enable real-time Antivirus/Anti-spyware option
  5. On the Scan Target field, select Scan files being retrieved or executed.
  6. Click Enable Exclusions and add the restore file in the exclusion list.
  7. Add the restored target directory into the exclusion list.
  8. Restore the file.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1096302
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.