How to restore a quarantined file not listed in the VSE Quarantine Manager
Technical Articles ID:   KB72755
Last Modified:  11/3/2016
Rated:


Environment

McAfee VirusScan Enterprise 8.x
McAfee VirusScan Enterprise Quarantine Manager component

Summary

There may be circumstances where a quarantined file is deleted by VirusScan Enterprise (VSE) before you realize the file needs to be preserved (for example, submission to McAfee Labs).

While you may be able to restore the .BUP file to C:\Quarantine\, the Quarantine Manager will no longer show the quarantined file. Therefore, it cannot be restored using the Quarantine Manager.

This article explains how to manually extract information from .BUP files not listed in Quarantine Manager.

Solution

To extract files from Quarantine (.BUP) files:

  1. Using Windows Explorer, create a temporary folder. In this example: C:\SAVE-BUP
  2. Download the 7-Zip file compression utility from http://www.7-zip.org/.
  3. Install the 7-Zip utility and extract the following two files from the .BUP file to C:\SAVE-BUP:
    •  Details
    •  File_0
To decrypt files contained in .BUP files:
  1. Download the XOR (xor.zip) utility from http://www.softpedia.com/.
  2. Extract xor.zip to C:\SAVE-BUP.
  3. Click Start, Run, type cmd, and press ENTER.
  4. Type cd  \SAVE-BUP and press ENTER.
  5. Type xor.exe  File_0 file_0.xor  0X6A and press ENTER.
  6. Type xor.exe  Details Details.txt  0X6A and press ENTER.
    NOTE: 0x6A is the encryption key used.
  7. Rename File_0.xor to the original name found in the Details file.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.