Views:
Note
Note
This feature is only available for Windows endpoints.
Security Agents encrypt infected files and attachments to prevent users from opening them and spreading viruses or malware to other files on the endpoint.
Whenever the Security Agent backs up, quarantines, or renames an infected file, the Security Agent also encrypts the file. The quarantined file is typically stored in the C:\Program Files\Trend Micro\Client Server Security Agent\Suspect folder on the endpoint. A backup file is stored in the \Backup folder of the endpoint in C:\Program Files\Trend Micro\Client Server Security Agent\Backup\.
There may be some situations when you have to open the file even if you know it is infected. For example, if an important document has been infected and you need to retrieve the information from the document, you will need to decrypt the infected file to retrieve your information. You use the tool to decrypt infected files you want to open.
Restoring encrypted files requires the following tasks:
  1. Exclude the folder where you want to restore the encrypted file from security scans.
    See Excluding Folders from Scans for more information.
  2. Download the tool from the Worry-Free Business Security Services web console.
    Download link: AdministrationToolsRestore Infected Files.
    The ZIP file contains the following:
    • Main files: VSEncode.exe, RestoreSpyware.exe, RestoreSpyware_64x.exe
    • Required DLL file: VSAPI32.dll
  3. Save a copy of the tool to the endpoint.
    Note
    Note
    Do not copy the VSEncrypt folder to the ..\Client Server Security Agent folder. The VSAPI32.dll file from the tool will conflict with the original VSAPI32.dll in the Security Agent folder.
  4. Restore the infected file using one of the following methods:
The tool provides the following logs:
  • VSEncrypt.log: Contains the encryption or decryption details. This file is created automatically in the temp folder for the user logged on the endpoint (normally, on the C: drive).
  • VSEncDbg.log: Contains the debug details. This file is created automatically in the temp folder for the user logged on the endpoint (normally, on the C: drive) if you run VSEncode.exe with the -debug parameter.