My Bitdefender
  • 0 Shopping Cart

Accessing and Restoring Quarantined Files in VMware Environments Integrated with vShield Endpoint

Bitdefender GravityZone provides full visibility into organizations’ overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender’s Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization

This article is meant to help you understand the procedure of restoring quarantined files in VMware environments integrated with vShield Endpoint.

Overview

By default, the GravityZone security services isolate suspicious files and the malware-infected files that cannot be disinfected in a secure area named quarantine. When a virus is in quarantine it cannot do any harm because it cannot be executed or read.

In a virtualized environment protected by Security for Virtualized Environments (Multi-Platform), Bitdefender GravityZone offers the possibility to restore quarantined files to their original location directly from the Control Center interface.

In virtualized environments integrated with VMware vShield Endpoint, on the other hand, quarantined files are not stored on the virtual machines, but on the Security Server appliance. Consequently, for this type of environment, you cannot restore quarantined files automatically from Control Center.

If you want to examine or recover data from quarantined files, you can download them from the Security Server using Control Center. Quarantined files are downloaded as an encrypted, password-protected ZIP archive to prevent accidental malware infection.

To open the archive and extract its content, you must use the Quarantine Tool.

Downloading the Quarantine Tool

Quarantine Tool is a standalone application that does not require installation. Two versions are available: one for Windows and the other for Linux.

  • The Windows version runs on Windows XP or later.
  • The Linux version runs on recent versions of most 32-bit Linux distributions with graphical user interface (GUI). The tool is compatible with any desktop environment. Note that Quarantine Tool for Linux does not have command line interface.

You can download the appropriate Quarantine Tool for your operating system from the links below:

Downloading quarantined files to your computer

To download quarantined files to your computer:

  1. Log in to Control Center
  2. Go to the Quarantine page.
  3. Choose Virtual Machines from the service selector.
  4. Select the files you want to download.
  5. Click the Download button at the right side of the Quarantine table.

Depending on your browser settings, the files may be downloaded automatically to a default download location.

Accessing and restoring quarantined files

To access the quarantined files:

  1. Open Quarantine Tool (for example, by double-clicking it).
  2. Open the archive containing the quarantined files in Quarantine Tool by doing any of the following:
    • From the File menu, choose Open.
    • Click the Open icon on the toolbar.
    • Use the Ctrl+O keyboard shortcut.

    Files are organized in the archive by virtual machine they were detected on and preserving their original path.

  3. Before extracting the archived files, if on-access antimalware scan is enabled on the system, make sure to either completely disable it or configure a scan exclusion for the location where you will extract the files. Otherwise, your antimalware program will detect and take action on extracted files.
  4. Extract the archived files to the location of your choosing by doing any of the following:
    • From the File menu, choose Extract.
    • Click the Extract icon on the toolbar.
    • Use the Ctrl+E keyboard shortcut.

To restore the files to their original location, you need to manually transfer them to the location on the virtual machine they were detected on after you save them on your computer.