1 Reply Latest reply on Sep 27, 2013 5:56 AM by nitinverma

    MOVE 2.6 Multi-Platform Quarantine Restore

    xadamz23

      I recently deployed MOVE Multi-Platform and had a false positive detected.  I can't find how to restore a file from quarantine.  The official documentation talks about downloading a restore tool, but that is for Agentless.  I Googled and can't find anything either. 

       

      So my question is how do I restore something from quarantine?

        • 1. Re: MOVE 2.6 Multi-Platform Quarantine Restore
          nitinverma

          The quarantined files are managed throught the mvadm.exe command line tool. Thereis no ePO support for managing quarantined files.

           

                      mvadm.exe q list – Lists the currently quarantined files

           

                      mvadm.exe q restore <detected as> - Restores all files of the detection typespecified in the detected as parameter.

           

                      mvadm.exe q remove <detected as> - Removes all files of the specified detection name.

           

          Examples:

           

                      mvadm.exe q restore “eicar test file”– restores all files detected as “eicar test file”.

           

                      mvadm.exe q remove “eicar test file” – removes all files detected as “eicar testfile”.

           

          Note: When restoring files, if MOVE scanning is still enabled and the file is still considered a threat by the current DATs on the offload server, the file will be rescanned and immediately detected as a threat.