How to Work with Files Quarantined by Trend Micro OfficeScan
If Trend Micro OfficeScan for Windows pops up an alert window during normal use of your computer, indicating that it has quarantined a virus file, you can decide later how to deal with the infected file. NCSU's version of OfficeScan places quarantined virus-infected files in the C:\TMQuarantine folder on your computer's hard drive.
OfficeScan stores quarantined files in an encrypted format, so the files cannot be opened and used. Additional documentation on recovering quarantined files is available from Trend Micro's eSupport website.
How to view or delete quarantined files
- Open your Start menu and click on the Computer icon. For Windows XP users, this icon will be titled My Computer.
- Your Computer window will list the drives in your computer. Double-click on your C: drive.
- In your C: drive, you will see a list of folders. Locate and double-click on the folder titled TMQuarantine.

- In the TMQuarantine folder, you will see a listing of all the files that OfficeScan's real-time virus scanner has detected and placed in quarantine. The filenames are not changed by OfficeScan.

- In almost all cases, the files placed in quarantine by OfficeScan are files that cannot be cleaned of viruses, and should be deleted. To delete the infected files in your TMQuarantine folder, simply highlight them and press Delete.
- Close the window.
How to recover a file from quarantine
Note: Do NOT perform this procedure unless you are certain that the file you are recovering from quarantine is not a virus.
- Open your web browser and download the VSEncode utility (ZIP format):
  http://www.ncsu.edu/antivirus/files/VSEncode.zip
  Note: You will need to log in with your Unity ID and password.
- Close your web browser.
- Locate where you saved the VSEncode.zip file and copy it to the C:\TMQuarantine folder.

- Extract the contents of VSEncode.zip. It should contain two files:
  - VSEncode.exe
  - VSAPI32.DLL
  If they extract into a VSEncode folder, copy these two files into your C:\TMQuarantine folder.
- Look in the C:\TMQuarantine folder and find the name of the file that you wish to remove from quarantine. Take note of the filename; you will need it later. Leave the C:\TMQuarantine window open.
- Open a Command Prompt window:
  - Windows Vista: Open the Start menu, click in the Start Search box, type "cmd" and press Enter.
  - Windows XP: Open the Start menu, click Run. In the Run box, type "cmd" and press Enter.
- The Command Prompt window will open. Type "cd C:\TMQuarantine" and press Enter.

- Type the following command:
  vsencode -d /f filename
  Replace filename with the actual name of the file you wish to recover.
- VSEncode will decrypt the file.
- If the decryption was successful, you can return to the C:\TMQuarantine window and move your file to another location on your computer. You should now be able to open the file.
- Close the C:\TMQuarantine and Command Prompt windows.
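The command-line part of the recovery steps above can also be scripted so that a failed decryption is caught and the recovered file's SHA-256 hash is recorded before anyone opens it. The PowerShell script below is an added example, not part of the original NC State instructions or Trend Micro's tooling. It assumes PowerShell 4.0 or later, assumes VSEncode leaves the decrypted file under the same name in C:\TMQuarantine (as the steps above imply), and uses a hypothetical C:\QuarantineReview holding folder.

```powershell
# Added example: scripted version of the command-line recovery steps.
# Assumption: VSEncode leaves the decrypted file under the same name in C:\TMQuarantine.
param(
    [Parameter(Mandatory = $true)][string]$FileName,   # name as shown in C:\TMQuarantine
    [string]$QuarantineDir = 'C:\TMQuarantine',
    [string]$ReviewDir     = 'C:\QuarantineReview'     # hypothetical holding folder
)
$ErrorActionPreference = 'Stop'

# Accept a bare file name only, so the tool is never pointed outside the quarantine folder.
if ($FileName -ne [System.IO.Path]::GetFileName($FileName)) {
    throw "Pass the file name only, not a path: $FileName"
}

# Both extracted files must sit next to the quarantined file.
foreach ($tool in 'VSEncode.exe', 'VSAPI32.DLL') {
    if (-not (Test-Path -LiteralPath (Join-Path $QuarantineDir $tool))) {
        throw "$tool not found in $QuarantineDir"
    }
}

$target = Join-Path $QuarantineDir $FileName
if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
    throw "No quarantined file named $FileName in $QuarantineDir"
}

# Hash the encrypted copy first so a failed decryption is detectable.
$before = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash

Push-Location $QuarantineDir
try {
    # Same command as in the manual steps: vsencode -d /f filename
    & .\VSEncode.exe -d /f $FileName
}
finally {
    Pop-Location
}

$after = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
if ($after -eq $before) {
    throw "File content is unchanged; decryption did not happen. Leaving it in quarantine."
}

# Move the recovered file out without opening it, and print its hash for lookup.
New-Item -ItemType Directory -Path $ReviewDir -Force | Out-Null
Move-Item -LiteralPath $target -Destination $ReviewDir
Write-Output "Recovered: $(Join-Path $ReviewDir $FileName)"
Write-Output "SHA-256:   $after"
```

The hash is taken after decryption because the quarantined copy is encrypted, so its hash will not match any published hash of the original file.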
If you have problems while performing these steps, contact the NC State Help Desk for assistance.
Orig. Posted: Tue, 01/06/2009 - 14:57 — helee2.ncsu.edu Last Modified: Thu, 01/08/2009 - 21:01
