Event Log Check - ITbrain Monitoring: unable to restore from quarantine - ITbrain removes it right away again back into qu

Posted by Franzk
Henagon


ITbrain put some files in quarantine identified as Gen:Trojan.Heur.GM.0540100800
I tried to restore some of these files for further analysis because I assume that it could be a false positive.
However, I seem to be unable to do so since ITbrain just puts it back into quarantine.
What is the procedure to restore a file from quarantine in this case?

Posted by ITbrain Staff
ITbrain Staff
Solution


Hi @Franzk

I would assume the situation is related to ITbrain Anti-Malware. 

In this situation, you can just disable the Real-time protection in the policy for the device you want to retrieve a file from the quarantine. Save the policy, then restore the file you think is a false positive.

You could always send us the file for analysis. Create a password-protected archive with pass: infected and send it as an attachment to support@itbrain.com.

 

Product Owner ITbrain
Posted by Franzk
Henagon


Thanks, that method worked and allowed me to restore the file.

I also had another way suggested, to set the A-M policy to none; however, that did not work - it put the file back into quarantine.

The files in question are from Borland C 4.5 BIN exe files MAKE.exe and TLIB.exe.

I will be sending them to your lab.