Kaspersky Endpoint Security 12 for Windows

RESTORE. Restoring files from Quarantine

25 April 2024

ID 215844

You can restore a file from Quarantine to its original folder. Quarantine is a special local storage on the computer. The user can quarantine files that the user considers dangerous for the computer. Quarantined files are stored in an encrypted state and do not threaten the security of the device.

Kaspersky Endpoint Security uses Quarantine only when working with Detection and Response solutions: EDR Optimum, EDR Expert, KATA (EDR), Kaspersky Sandbox. In other cases, Kaspersky Endpoint Security places the relevant file in Backup.

For details on managing Quarantine as part of these solutions, please refer to the Kaspersky Sandbox Help, Kaspersky Endpoint Detection and Response Optimum Help, Kaspersky Endpoint Detection and Response Expert Help, and Kaspersky Anti Targeted Attack Platform Help.

To execute this command, Password protection must be enabled. The user must have the Restore from Backup permission.

The object is quarantined under the system account (SYSTEM).

Restoring files from Quarantine involves the following special considerations:

  • If the destination folder has been deleted or the user does not have access rights to that folder, the application places the file in the %DataRoot%\QB\Restored folder. Then you must manually move the file to the destination folder.
  • The application treats the name of the file being restored as case sensitive. If the case of the file name you enter does not match, the application does not restore the file.
  • If the destination folder already has a file with the same name, the application cancels the restoration of the file.
  • If you are using the KATA (EDR) solution, the application saves a copy of the file in Quarantine after restoring the file. You can clear the Quarantine manually. For EDR Optimum and EDR Expert solutions, the application deletes the file after restoration.

Command syntax

avp.com RESTORE [/REPLACE] <file name> /login=<user name> /password=<password>

Advanced settings

  • /REPLACE: Overwrite an existing file.
  • <file name>: The name of the file to be restored.

Authentication

  • /login=<user name> /password=<password>: User account credentials with the required Password protection permissions.

Example:

avp.com RESTORE /REPLACE true_file.txt /login=KLAdmin /password=!Password1

Command return values:

  • -1 means the command is not supported by the version of the application that is installed on the computer.
  • 0 means the command was executed successfully.
  • 1 means a mandatory argument was not passed to the command.
  • 2 means a general error occurred.
  • 4 means there was a syntax error.
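
The following PowerShell wrapper is an added example, not Kaspersky code. It prompts for the credentials instead of storing them in a script, runs the RESTORE command, and maps the return values listed above. It assumes avp.com is reachable through PATH and that the return values surface as the process exit code; the function name and the FallbackFolder parameter are hypothetical.

```powershell
# Added example, not Kaspersky code. Assumes avp.com is on PATH and that the
# documented return values are reported as the process exit code.
function Restore-KesQuarantinedFile {
    [CmdletBinding()]
    param(
        # Passed verbatim: the application treats the name as case sensitive.
        [Parameter(Mandatory)] [string] $FileName,
        # Account with the Restore from Backup permission.
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Maps to /REPLACE (overwrite an existing file).
        [switch] $Replace,
        # Hypothetical: resolved path of %DataRoot%\QB\Restored on this host.
        [string] $FallbackFolder,
        [string] $AvpPath = 'avp.com'
    )

    # Return values as documented on this page (string keys for lookup).
    $meaning = @{
        '-1' = 'Command not supported by the installed application version'
        '0'  = 'Command executed successfully'
        '1'  = 'A mandatory argument was not passed to the command'
        '2'  = 'General error'
        '4'  = 'Syntax error'
    }

    $password = $Credential.GetNetworkCredential().Password
    $avpArgs = @('RESTORE')
    if ($Replace) { $avpArgs += '/REPLACE' }
    $avpArgs += $FileName, "/login=$($Credential.UserName)", "/password=$password"

    & $AvpPath @avpArgs | Out-Null
    $code = $LASTEXITCODE

    # If the original folder was deleted or is not accessible, the file is
    # placed in the Restored folder and must be moved manually.
    $manual = $false
    if ($code -eq 0 -and $FallbackFolder) {
        $leaf = Split-Path -Path $FileName -Leaf
        $manual = Test-Path -LiteralPath (Join-Path $FallbackFolder $leaf)
    }

    $text = $meaning["$code"]
    if (-not $text) { $text = 'Return value not listed in the documentation' }
    [pscustomobject]@{
        File = $FileName; ExitCode = $code; Meaning = $text; NeedsManualMove = $manual
    }
}

# Restore-KesQuarantinedFile -FileName 'true_file.txt' -Credential (Get-Credential -Credential KLAdmin) -Replace
```

The password is still passed to avp.com as a command-line argument, so it can appear in process-creation audit records on hosts where command-line logging is enabled.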
