How to restore a file from Quarantine?

Version 2

    Description

    Sometimes Antivirus agents detect a file as a virus although that file might be a legitimate piece of software - a  false positive. In this kind of situations it is necessary to recovery the quarantined file and exclude it from antivirus scanning process. In this article we will be looking at how to recover a file from quarantine.

     

    Note, in certain cases you will have to first exclude the file that was quarantined as false positive before you can proceed with the following steps.

     

    Solution

    Changing LANDesk Antivirus Settings and deploy them to the clients

     

    1. In the LANDesk Management Suite Console open Security and Patch Manager.
    2. In Security and Patch Manager navigate to Settings > LANDesk Antivirus. In here there is at least one Antivirus Settings. Double-click this setting
    3. In LANDesk Antivirus Settings click on Quarantine/Backup on the left hand side
    4. On the right hand side under Restoring Objects check one or all of the boxes for
      - Allow user to restore suspicious object
      - Allow user to restore infected objects and risky software
      - User must enter password to restore objects and enter the password as needed.
      The latter option is a feature to prevent everyone restoring quarantined files unless they know the password which is typically known by the administrators or help desk and support people.
    5. Save and close Antivirus Settings.
    6. Now, the change needs to be made available to the clients. For this, click Create A Task icon in Security and Patch Manager and select Change Settings...
    7. In Change Settings give a task name, select the type of task required and click LANDesk Antivirus Settings in the column Settings. This will open a list containing LANDesk Antivirus Settings available. Select the one that was changed and click OK.
    8. A new task is now created with the name specified earlier. Add clients to this task and start it.

     

    Once the changed setting is applied to the client(s), quarantined files can be opened as per below steps

     

    Restoring a quarantined file on the client
    1. From the Start Menu open LANDesk Antivirus
    2. Disable Realtime Protection by clicking "Disable" next to the "Realtime is Enabled" message.   If this isn't available, it must be set in the Settings.
    3. If a file is quarantined there will "View details" next to Quarantined. Click on View details
    4. The Quarantine window will now open with the list of file(s) being listed that are currently quarantined.
    5. Select the file you would like restore and click on Restore...
    6. A warning window will popup. If you are still sure you want to restore that file, click on Restore File
    7. Next you will be asked where you would like to restore the file. Select your location and click Save.