Endpoint Protection

Hi community,

we have enabled the "Upload quarantined files from the clients" feature within our default SEPM domain.

This works really well and all "detections" are uploaded to the central SEPM server, but when I try to download the samples from SEPM server for further analysis the file I get seems not to be pristine.

Is there something that I am missing (e.g. a tool to decode/unpack the file)?

I don't get the point of uploading files to SEPM, if I can't use them afterwards.

best regards,

Michael

Is nobody using this feature, or is nobody facing this issue?

Hi community,

we have enabled the "Upload quarantined files from the clients" feature within our default SEPM domain.

This works really well and all "detections" are uploaded to the central SEPM server, but when I try to download the samples from SEPM server for further analysis the file I get seems not to be pristine.

Is there something that I am missing (e.g. a tool to decode/unpack the file)?

I don't get the point of uploading files to SEPM, if I can't use them afterwards.

best regards,

Michael

They are encoded so administrators don't drop a load of malicious files onto their SEPM when they select-all and download. But you can safely upload them to symsubmit.symantec.com for analysis. Please open a case with technical support if you must know how to decode them. Thanks!

Is nobody using this feature, or is nobody facing this issue?

Hi community,

we have enabled the "Upload quarantined files from the clients" feature within our default SEPM domain.

This works really well and all "detections" are uploaded to the central SEPM server, but when I try to download the samples from SEPM server for further analysis the file I get seems not to be pristine.

Is there something that I am missing (e.g. a tool to decode/unpack the file)?

I don't get the point of uploading files to SEPM, if I can't use them afterwards.

best regards,

Michael