unable to restore from quarantine - ITbrain removes it right away again back into qu


Posted by Franzk

ITbrain put some files in quarantine identified as Gen:Trojan.Heur.GM.0540100800
I tried to restore some of these files for further analysis because I assume that it could be a false positive.
However, I seem to be unable to do so since ITbrain just puts it back into quarantine.
What is the procedure to restore a file from quarantine in this case?

Accepted Solutions
Posted by Remote Management Staff

Hi @Franzk

I would assume the situation is related to ITbrain Anti-Malware. 

In this situation, you can just disable the Real-time protection in the policy for the device you want to retrieve a file from the quarantine. Save the policy, then restore the file you think is a false positive.

You could always send us the file for analysis. Create a password-protected archive with pass: infected and send it as an attachment to support@itbrain.com.

 

Product Owner ITbrain
Posted by Franzk

Thanks, that method worked and allowed me to restore the file.

I also had another way suggested, to set the A-M policy to none; however, that did not work. It put the file back into quarantine.

The files in question are from Borland C 4.5 BIN exe files, MAKE.exe and TLIB.exe.

I will be sending them to your lab.