Jump to content
SMM

How to manually restore quarantined files?

Recommended Posts

I ran a scan. Immunet quarantined ~80 files.

I believe ~70 of them were false positives. I want to restore them.

I have already tried the restore functionality in the GUI. It fails with the message "File Could Not Be Restored. Check to see if Agent is online. Please Contact support@immunet.com." on most of the restores. Some restores did succeed.

I can get most of the files from the original source but there are ~5 that I can't get elsewhere and do need to be restored.

I have searched around these forums and have found others reporting similar issues.

One observation that I made that I don't see anyone else making is there is no file called agent.exe anywhere on my system. Where is that file supposed to reside? The GUI seems fine. Doesn't complain about anything being broken.

Most importantly for me, how do I restore those ~5 files I absolutely need restored? Is there a manual process?

I see a bunch of files in C:\Program Files\Immunet\Quarantine. Are they encrypted somehow? How to decrypt them?

Thanks.

Share this post


Link to post
Share on other sites

What was the software program that caused the quarantine responses? Also, what is the malware detection names of the 5 files in question?

When Immunet quarantines a file it is indeed encrypted which makes it inaccessible by conventional means.

Sometimes if a file can't be restored it could be a temp file created by the software but has been deleted once the program was stopped.

Share this post


Link to post
Share on other sites
12 minutes ago, ritchie58 said:

What was the software program that caused the quarantine responses? Also, what is the malware detection names of the 5 files in question?

When Immunet quarantines a file it is indeed encrypted which makes it inaccessible by conventional means.

Sometimes if a file can't be restored it could be a temp file created by the software but has been deleted once the program was stopped.

These quarantine responses weren't caused (in "real-time") while running some program. I manually started a (full system, I think) scan in Immunet.

I don't want to share the names of the files publicly. Why are they relevant? I can tell you that most were exe or dll files.

Given my responses to the above it should be clear that these were not temporary files created while some program was running. These files existed on the disk when I started the Immunet scan.

Share this post


Link to post
Share on other sites

It will be rather difficult to assist you further without knowing the affected file names, the program in question & the malware detection name(s).

That's like trying to repair something in complete darkness. A rather difficult endeavor!

I didn't say that was the issue with you but that "sometimes" a temp file can be the cause of a failed Quarantine Restore.

If you don't want to post this info here you can send me a Private Message with the requested data. That's an option at your disposal.

Share this post


Link to post
Share on other sites
21 minutes ago, ritchie58 said:

It will be rather difficult to assist you further without knowing the affected file names, the program in question & the malware detection name(s).

That's like trying to repair something in complete darkness. A rather difficult endeavor!

I didn't say that was the issue with you but that "sometimes" a temp file can be the cause of a failed Quarantine Restore.

If you don't want to post this info here you can send me a Private Message with the requested data. That's an option at your disposal.

Just sent you a PM with the details.

Thanks for all the help.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...