Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deleting more than 100 quarantined files in Deep Security

    • Updated:
    • 14 Nov 2016
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

The Deep Security Manager (DSM) is currently limited to delete 100 quarantined files at a time. This article shows you how to delete more than 100 quarantined files at a time.

Details
Public

To delete the files from the DSM Database, do the following:

  1. Determine the "HostID" and "BIOS UUID" of the VM from which you wish to delete more than a 100 quarantined files.
    1. You can query the DSM SQL Database to determine "HostID" and "BIOS UUID".

      select * from hosts where Hostname like '%YOUR_PC_NAME%'

    2. You can query the DSM SQL Database to determine "HostID" and "BIOS UUID".
      1. Open the DSM Console and go to Computer > VM console > Overview > VMware Virtual Machine Summary.
      2. Find the value of "Bios UUID" and take note of the UUID.
  2. Procced to manually delete the events and files from the DSM SQL Database (for example: the HostID is 89; UUID of the VM is:42149a0e-a867-2174-90de-814eb00a6b83)
    1. Use the command below to query the Anti-Malware Events for their existence first.

      select * from antimalwarequarantinedfile where HostID = 89

    2. Use the command below to delete the Anti-Malware Events form the DSM SQL Database:

      delete from antimalwarequarantinedfile where HostID = 89

To delete the quarantined files from DSVA, do the steps below:

  1. Login to the DSVA, using SSH with Putty.
  2. Switch to the user "root" with the command "#~ sudo -bash" and enter your DSVA Password.
  3. Navigate to the location of the quarantined files within the DSVA.
    "#~ cd /var/opt/ds_agent/guests/42149a0e-a867-2174-90de-814eb00a6b83/quarantined"
    !! Note !! The UUID from Point [A] remsins for this task
  4. Delete all Quarantined Files for this UUID.

    "rm -rf *.qtn"

Premium
Internal
Rating:
Category:
Troubleshoot; Remove a Malware / Virus
Solution Id:
1115800
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.