How to collect quarantined files using F-Secure Quarantine Dumper

Issue:

How to collect the quarantined files on an affected Windows machine using F-Secure Quarantine Dumper, and then submit the files for analysis. 

Resolution:

Collect quarantined files using F-Secure Quarantine Dumper by following the instructions below:

  1. Click on this link to download F-Secure Quarantine Dumper to a location of your choice, for example, c:\temp.
  2. Launch Command Prompt (CMD).
  3. Change to the directory you selected in step 1. For example, type cd c:\temp\ and press Enter to go to the c:\temp\ folder.
  4. Type fsdumpqrt.exe -d c:\temp\ to run the tool.
  5. Enter your administrator credentials when prompted. F-Secure license terms are now shown.
  6. Scroll all the way to the end of the license terms; you can accept them only after reaching the end.
  7. Press E on your keyboard to accept the license terms.
  8. Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1. 

These are the parameters that can be used in the tool:
  • -d, --destination: Destination directory for output (default: current admin desktop)
  • -p, --password: Password for output (default: "infected")
  • -v, --verbose: Verbose output
  • -a, --accept-eula: Accept EULA
  • -s, --silent: Silent mode
  • -l, --list: Only list contents, nothing is written to disk

Tip: Running the fsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.
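
The collection steps above can also be run unattended with the listed parameters. The following PowerShell script is an added example, not part of the original article and not an F-Secure script; it assumes an elevated session, that the listed flags can be combined as shown, and that the hypothetical paths suit your machine.

```powershell
# Added example (not F-Secure's script). Run from an elevated PowerShell session.
param(
    [string]$Tool        = 'C:\temp\fsdumpqrt.exe',  # download location from step 1
    [string]$Destination = 'C:\temp\qrt-dump'        # hypothetical output folder
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Tool -PathType Leaf)) {
    throw "fsdumpqrt.exe not found at $Tool"
}
New-Item -ItemType Directory -Path $Destination -Force | Out-Null

# The article names the output file; refuse to overwrite an earlier collection.
$archive = Join-Path $Destination 'malware_samples.zip'
if (Test-Path -LiteralPath $archive) {
    throw "$archive already exists; move it before collecting again."
}

# 1. Preview: --list shows the quarantine contents without writing to disk.
& $Tool --list --accept-eula

# 2. Collect: --accept-eula and --silent are used to avoid the license prompt
#    and key presses (assumption: the flags combine this way).
#    No --password is passed, so the archive keeps the default "infected".
& $Tool --destination $Destination --accept-eula --silent

# The article does not document exit codes, so success is judged by the
# presence of the archive rather than by $LASTEXITCODE.
if (-not (Test-Path -LiteralPath $archive -PathType Leaf)) {
    throw "Collection finished but $archive was not created."
}

# 3. Record a SHA-256 of the archive so the submitted file can be matched
#    to this collection later.
$hash = Get-FileHash -LiteralPath $archive -Algorithm SHA256
$record = [pscustomobject]@{
    Host         = $env:COMPUTERNAME
    CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
    Archive      = $archive
    SizeBytes    = (Get-Item -LiteralPath $archive).Length
    SHA256       = $hash.Hash
}
$record | ConvertTo-Json | Set-Content -LiteralPath "$archive.sha256.json" -Encoding UTF8
$record
```

Include the recorded SHA-256 with the submission so the analysed archive can be tied back to the machine and time of collection.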
 

Article no: 000002484


Version history
Revision #:
1 of 1
Last update:
17-10-2019 10:14 AM