scanactvmec
To prevent infected from being opened, OfficeScan encrypts the file during the following instances:
Before quarantining a file
When backing up a file before cleaning it
OfficeScan provides a tool that decrypts and then restores the file in case you need to retrieve information from it. OfficeScan can decrypt and restore the following files:
|
Files that OfficeScan can Decrypt and Restore |
|
File |
Description |
|
Quarantined files on the client computer |
These files are found in the <Client installation folder>\SUSPECT\Backup folder and are automatically purged after 7 days. These files are also uploaded to the designated quarantine directory on the OfficeScan server. |
|
Quarantined files on the designated quarantine directory |
By default, this directory is located on the OfficeScan server computer. For details, see Quarantine Directory. |
|
Backed up encrypted files |
These are the backup of infected files that OfficeScan was able to clean. These files are found in the <Client installation folder>\Backup folder. To restore these files, users need to move them to the <Client installation folder>\SUSPECT\Backup folder. OfficeScan only backs up and encrypts files before cleaning if you select Backup files before cleaning in Networked Computers > Client Management > Settings > {Scan Type} > Action tab. |
Restoring an infected file may spread the virus/malware to other files and computers. Before restoring the file, isolate the infected computer and move important files on this computer to a backup location.
To decrypt and restore files:
If the file is on the OfficeScan client computer:
Open a command prompt and navigate to <Client installation folder>.
Run VSEncode.exe by typing the following:
VSEncode.exe /u
This parameter opens a screen with a list of files found under <Client installation folder>\SUSPECT\Backup.
Select a file to restore and click Restore. The tool can only restore one file at a time.
In the screen that opens, specify the folder where to restore the file.
Click Ok. The file is restored to the specified folder.
It might be possible for OfficeScan to scan the file again and treat it as infected as soon as the file is restored. To prevent the file from being scanned, add it to the scan exclusion list. See Scan Exclusions for details.
Click Close when you have finished restoring files.
If the file is on the OfficeScan server or a custom quarantine directory:
If the file is on the OfficeScan server computer, open a command prompt and navigate to <Server installation folder>\PCCSRV\Admin\Utility\VSEncrypt.
If the file is on a custom quarantine directory, navigate to <Server installation folder>\PCCSRV\Admin\Utility and copy the VSEncrypt folder to the computer where the custom quarantine directory is located.
Create a text file and then type the full path of the files you want to encrypt or decrypt.
For example, to restore files in C:\My Documents\Reports, type C:\My Documents\Reports\*.* in the text file.
Quarantined files on the OfficeScan server computer are found under <Server installation folder>\PCCSRV\Virus.
Save the text file with an INI or TXT extension. For example, save it as ForEncryption.ini on the C: drive.
Open a command prompt and navigate to the directory where the VSEncrypt folder is located.
Run VSEncode.exe by typing the following:
VSEncode.exe /d /i <location of the INI or TXT file>
Where:
<location of the INI or TXT file> is the path of the INI or TXT file you created (for example, C:\ForEncryption.ini).
Use the other parameters to issue various commands.
|
Restore Parameters |
For example, type VSEncode [/d] [/debug] to decrypt files in the Suspect folder and create a debug log. When you decrypt or encrypt a file, OfficeScan creates the decrypted or encrypted file in the same folder. Before decrypting or encrypting a file, ensure that it is not locked.
See also: