The Book

There is no cloud, it's just someone else's computer !!!

User Tools

Site Tools


misc:mcafee_restore

How to restore a quarantined file not listed in the VSE Quarantine Manager

Technical Articles ID: KB72755 Last Modified: August 02, 2012

Environment McAfee VirusScan Enterprise 8.x McAfee VirusScan Enterprise Quarantine Manager component Summary

There may be circumstances where a quarantined file is deleted by VirusScan Enterprise (VSE) before you realize the file needs to be preserved. This could be for submission to McAfee Labs for instance.

While you may be able to restore the .BUP file to C:\Quarantine\, the Quarantine Manager will no longer show the quarantined file. Therefore, it cannot be restored using the Quarantine Manager.

This article explains how to manually extract information from .BUP files not listed in Quarantine Manager. Solution

To extract files from Quarantine (.BUP) files:

Using Windows Explorer, create a temporary folder. In this example: C:\SAVE-BUP Download the 7-Zip file compression utility from http://www.7-zip.org/. Install the 7-Zip utility and extract the following two files from the .BUP file to C:\SAVE-BUP
Details
File_0

To decrypt files contained in .BUP files:

Download the XOR utility from http://www.softpedia.com/get/Programming/Other-Programming-Files/Xor.shtml.
Extract xor.zip to C:\SAVE-BUP.
Click Start, Run, type cmd, and press ENTER.
Type cd \SAVE-BUP and press ENTER.
Type xor.exe File_0 file_0.xor 0X6A and press ENTER.
Type xor.exe Details Details.txt 0X6A and press ENTER.
NOTE: 0x6A is the encryption key used.
Rename File_0.xor to the original name found in the Details file.

Related Information For more information on the 7-ZIP file compression utility, see KB72766.

https://kc.mcafee.com/corporate/index?page=content&id=KB72755&pmv=print

misc/mcafee_restore.txt · Last modified: 2016/02/10 08:24 (external edit)