This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Restore Quarantined file in Traps

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restore Quarantined file in Traps

Go to solution
AbdulRahman_Safwat
L2 Linker

‎01-08-2019 09:28 AM

Hello,

 

When a file is Quarantined in traps by a wildfire malware verdic or Hash Control policy, I realize that you can not restore the file from the Hash control policy unless you change the verdict first to benign, is this how it is supposed to work, as the admin guide does not require this step except that it will prevent Traps from keep quarantining the file, but my point is that the option to restore is greyed out and even if I try to do it from the action list it would show: "There were no candidates for Restore".

However I am able to restore it using cytool, even if the verdict is still malware.

 

So I want to confirm if "restore file" feature is enabled from ESM server only after changing the verdict to Benign.

Also I dont think it is a bug as I have tested it on ESM 4.2.1 and 4.2.2, and Traps agent 4.2.2 and 4.1.4.

 

Thanks

0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
briancaw
L4 Transporter

‎01-09-2019 09:27 AM

hi @AbdulRahman_Safwat

This is indeed an expected behavior as you said, to prevent files from getting quarantined again after restoration.

We will review our documentation  and correct it as needed to better clarify this behavior.

Thanks!

View solution in original post

2 REPLIES 2

Go to solution
AbdulRahman_Safwat
L2 Linker

‎01-08-2019 11:53 PM

I have just tested on ESM 4.1.4 and the same behaviour is there.

0 Likes Likes

Go to solution
briancaw
L4 Transporter

‎01-09-2019 09:27 AM

hi @AbdulRahman_Safwat

This is indeed an expected behavior as you said, to prevent files from getting quarantined again after restoration.

We will review our documentation  and correct it as needed to better clarify this behavior.

Thanks!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2023 - Palo Alto Networks