Restore Quarantined file in Traps

Reply

Restore Quarantined file in Traps

Hello,

 

When a file is Quarantined in traps by a wildfire malware verdic or Hash Control policy, I realize that you can not restore the file from the Hash control policy unless you change the verdict first to benign, is this how it is supposed to work, as the admin guide does not require this step except that it will prevent Traps from keep quarantining the file, but my point is that the option to restore is greyed out and even if I try to do it from the action list it would show: "There were no candidates for Restore".

However I am able to restore it using cytool, even if the verdict is still malware.

 

So I want to confirm if "restore file" feature is enabled from ESM server only after changing the verdict to Benign.

Also I dont think it is a bug as I have tested it on ESM 4.2.1 and 4.2.2, and Traps agent 4.2.2 and 4.1.4.

 

Thanks

Re: Restore Quarantined file in Traps

I have just tested on ESM 4.1.4 and the same behaviour is there.

L4 Transporter

Re: Restore Quarantined file in Traps

hi @AbdulRahman_Safwat

This is indeed an expected behavior as you said, to prevent files from getting quarantined again after restoration.

We will review our documentation  and correct it as needed to better clarify this behavior.

Thanks!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!