Restore identified files | Trend Micro Service Central

Views:

Restore a file Server & Workload Protection encrypted and quarantined in response to detecting malware in the file.

WARNING

Restoring an infected file can spread the virus/malware to other files and computers. Before restoring the file, isolate the infected endpoint and move important files on this endpoint to a backup location.

To restore an identified file, you must first create an exclusion to prevent Server & Workload Protection from immediately identifying and quarantining the file again. Use the following steps to create the exclusion and restore the identified file from the console.

Note

The following steps apply the exception to a specific computer. However, you can use the same method to apply the exception at the policy level if you want to prevent Server & Workload Protection from identifying the file on other endpoints.

To manually restore a downloaded file, see Manually restore identified files.

Procedure

In the Trend Vision One console, access the Server & Workload Protection instance managing the infected endpoint.
Go to Computers and open the details for the affected computer.
Go to Anti-Malware → Identified Files.
Locate the file you want to restore and click View to open the Details window.

Use the filters or advanced search to find the file you want to restore.
Copy the exact file name and original location.
Go to Anti-Malware → General.
Edit the Malware Scan Configuration for each scan type.

Repeat these steps for Real-Time Scan, Manual Scan, and Scheduled Scan.
1. Under the scan type you want to configure, locate Malware Scan Configuration and click Edit.
2. Go to the Exclusions tab.
3. Enable File List and select a list to edit.
  
  Note
  
  Select New... from the list of file lists if a list does not already exist.
4. To edit the file list, click Edit.
5. In the File(s) field, specify the original full file path of the file you want to restore.
  
  A full file path includes the root drive, all folder names, file name, and file extension. For example:
  
  C:\Documents\example.doc
6. Click OK to close the File List.
7. Click OK to close the Malware Scan Configuration.
Once you have configured all scan types, click Save to apply the exception to the endpoint.
With the computer details screen still open, go to Anti-Malware → Identified Files.
Select the file you want to restore and click Restore.

Follow the steps in the on-screen wizard to restore the file.