One or more files selected for recovery are not restored, with the following error presenting in ESE:
This happens because we do not allow recovery of files that have been found to contain malware.
Our system scans all files for malware and classifies them into one of two states:
- Cleared - the file is free from malware and safe for recovery.
- Quarantined - the file has been flagged as suspicious and is now unavailable for recovery selection.
Files that have been quarantined can be actioned in one of three ways:
- Mark as safe - the suspicious file is removed from quarantine and returned to the backup selection
- Delete - the suspicious file is permanently removed
- Revert - the suspicious file is rolled back to a previous, malware-free state
These actions can only be performed via the RedApp (not via ESE).
To action quarantined files:
1. Log into the RedApp.
2. Go to Notifications. Under Suspicious files have been found, click on View.
You can also access the list of affected files at any time by going to your Machines overview. Locate the Malware analysis card and click on View all there.
3. Locate the problematic files as highlighted in ESE.
4. For any file you want to action, click the ellipsis on the right to expand the action menu.
5. Click Mark as safe if you are certain the file is not malicious, or Delete to remove the file from your backups permanently. If a previous, malware-free version of a file is available, you will have a third option, Revert, as explained above. You can also select multiple files and perform a bulk action using the buttons at the bottom.
6. The selected action will be queued. Once the action has been completed, this will reflect in your list of notifications.
If you marked a file as safe or reverted it in the RedApp, the file will now be available for recovery in ESE once again.