Decrypting and Restoring Files

  • If the file is on the Security Agent endpoint:
    1. Open a command prompt and go to <Agent installation folder>.
    2. Run VSEncode.exe by double-clicking the file or by typing the following at a command prompt:

      VSEncode.exe /u

      This parameter opens a screen with a list of files found under <Agent installation folder>\SUSPECT\Backup.

    3. Select a file to restore and click Restore. The tool can only restore one file at a time.
    4. In the screen that opens, specify the folder where to restore the file.
    5. Click Ok. The file is restored to the specified folder.
      Note:

      It might be possible for Apex One to scan the file again and treat it as infected as soon as the file is restored. To prevent the file from being scanned, add it to the scan exclusion list. See Scan Exclusions for details.

    6. Click Close when you have finished restoring files.
  • If the file is on the Apex One server or a custom quarantine directory:
    1. If the file is on the Apex One server computer, open a command prompt and go to <Server installation folder>\PCCSRV\Admin\Utility\VSEncrypt.

      If the file is on a custom quarantine directory, navigate to <Server installation folder>\PCCSRV\Admin\Utility and copy the VSEncrypt folder to the endpoint where the custom quarantine directory is located.

    2. Create a text file and then type the full path of the files you want to encrypt or decrypt.

      For example, to restore files in C:\My Documents\Reports, type C:\My Documents\Reports\*.* in the text file.

      Quarantined files on the Apex One server computer are found under <Server installation folder>\PCCSRV\Virus.

    3. Save the text file with an INI or TXT extension. For example, save it as ForEncryption.ini on the C: drive.
    4. Open a command prompt and go to the directory where the VSEncrypt folder is located.
    5. Run VSEncode.exe by typing the following:

      VSEncode.exe /d /i <location of the INI or TXT file>

      Where:

      <location of the INI or TXT file> is the path of the INI or TXT file you created (for example, C:\ForEncryption.ini).

    6. Use the other parameters to issue various commands.
      Table 1. Restore Parameters

      Parameter

      Description

      None (no parameter)

      Encrypt files

      /d

      Decrypt files

      /debug

      Create a debug log and save it to the endpoint. On the Security Agent endpoint, the debug log VSEncrypt.log is created in the <Agent installation folder>.

      /o

      Overwrite an encrypted or decrypted file if it already exists

      /f <filename>

      Encrypt or decrypt a single file

      /nr

      Do not restore the original file name

      /v

      Display information about the tool

      /u

      Launch the tool’s user interface

      /r <Destination folder>

      The folder where a file will be restored

      /s <Original file name>

      The file name of the original encrypted file

      For example, type VSEncode [/d] [/debug] to decrypt files in the Suspect folder and create a debug log. When you decrypt or encrypt a file, Apex One creates the decrypted or encrypted file in the same folder. Before decrypting or encrypting a file, ensure that it is not locked.

Parent topic: Restoring Encrypted Files