Collecting quarantined files manually when the Quarantine Dumper tool fails

This discussion has a more recent version.

Symptoms

The 'malware_samples.zip' file produced by the Quarantine Dumper tool (fsdumpqrt.exe) does not contain any sample files.

Diagnosis

Differences in the operating system or system environment may cause the Quarantine Dumper tool to fail to collect the quarantined files.

Solution

  1. Open Windows File Explorer, and go to C:\ProgramData\F-Secure\Quarantine\Repository. Enter your administrator credentials when asked.
  2. Right-click on the TAR folder, and select Properties.
  3. Go to the Security tab, and click Edit.
  4. Click Add....
  5. Type in Everyone in the 'Enter the object names to select' field, and click OK.
  6. Select Everyone from the 'Group or user names' list, and under 'Permissions for Everyone', check the Allow Full control box.
  7. Create a password-protected archive of the following folder with the password: infected.
  8. Submit the zip file (archive) to our analysts.
  9. Important: Return to the TAR folder > Properties > Security tab > Edit, and remove Everyone from the list.
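
A check for step 9, added here as an example and not part of the original article: it lists any access entries for Everyone (SID S-1-1-0) that remain on the TAR folder or its contents. It assumes an elevated PowerShell session and that the TAR folder sits directly under the Repository path given in step 1.

```powershell
# Added example, not F-Secure's own tooling.
# Assumption: the TAR folder is located directly under the Repository path from step 1.
param(
    [string]$TarFolder = 'C:\ProgramData\F-Secure\Quarantine\Repository\TAR'
)

# Well-known SID of the Everyone group. Matching on the SID instead of the
# display name also works on localized Windows installations.
$everyoneSid = 'S-1-1-0'

function Get-EveryoneAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Request explicit and inherited rules with identities expressed as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $everyoneSid) {
            [pscustomobject]@{
                Path      = $Path
                Rights    = $rule.FileSystemRights
                Type      = $rule.AccessControlType
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Check the TAR folder itself and everything below it, including hidden items.
$items = @(Get-Item -LiteralPath $TarFolder -Force) +
         @(Get-ChildItem -LiteralPath $TarFolder -Recurse -Force)

$found = @(foreach ($item in $items) { Get-EveryoneAce -Path $item.FullName })

if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize
    Write-Warning "Everyone still has access entries under $TarFolder. Repeat step 9."
    exit 1
}

Write-Output "No access entries for Everyone remain under $TarFolder."
```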