Jump to content

How to manually restore quarantined files?


Recommended Posts

I ran a scan. Immunet quarantined ~80 files.

I believe ~70 of them were false positives. I want to restore them.

I have already tried the restore functionality in the GUI. It fails with the message "File Could Not Be Restored. Check to see if Agent is online. Please Contact support@immunet.com." on most of the restores. Some restores did succeed.

I can get most of the files from the original source but there are ~5 that I can't get elsewhere and do need to be restored.

I have searched around these forums and have found others reporting similar issues.

One observation that I made that I don't see anyone else making is there is no file called agent.exe anywhere on my system. Where is that file supposed to reside? The GUI seems fine. Doesn't complain about anything being broken.

Most importantly for me, how do I restore those ~5 files I absolutely need restored? Is there a manual process?

I see a bunch of files in C:\Program Files\Immunet\Quarantine. Are they encrypted somehow? How to decrypt them?

Thanks.

Link to comment
Share on other sites

What was the software program that caused the quarantine responses? Also, what is the malware detection names of the 5 files in question?

When Immunet quarantines a file it is indeed encrypted which makes it inaccessible by conventional means.

Sometimes if a file can't be restored it could be a temp file created by the software but has been deleted once the program was stopped.

Link to comment
Share on other sites

12 minutes ago, ritchie58 said:

What was the software program that caused the quarantine responses? Also, what is the malware detection names of the 5 files in question?

When Immunet quarantines a file it is indeed encrypted which makes it inaccessible by conventional means.

Sometimes if a file can't be restored it could be a temp file created by the software but has been deleted once the program was stopped.

These quarantine responses weren't caused (in "real-time") while running some program. I manually started a (full system, I think) scan in Immunet.

I don't want to share the names of the files publicly. Why are they relevant? I can tell you that most were exe or dll files.

Given my responses to the above it should be clear that these were not temporary files created while some program was running. These files existed on the disk when I started the Immunet scan.

Link to comment
Share on other sites

It will be rather difficult to assist you further without knowing the affected file names, the program in question & the malware detection name(s).

That's like trying to repair something in complete darkness. A rather difficult endeavor!

I didn't say that was the issue with you but that "sometimes" a temp file can be the cause of a failed Quarantine Restore.

If you don't want to post this info here you can send me a Private Message with the requested data. That's an option at your disposal.

Link to comment
Share on other sites

21 minutes ago, ritchie58 said:

It will be rather difficult to assist you further without knowing the affected file names, the program in question & the malware detection name(s).

That's like trying to repair something in complete darkness. A rather difficult endeavor!

I didn't say that was the issue with you but that "sometimes" a temp file can be the cause of a failed Quarantine Restore.

If you don't want to post this info here you can send me a Private Message with the requested data. That's an option at your disposal.

Just sent you a PM with the details.

Thanks for all the help.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...