I have a .exe file which is a false positive (nod32 and others never encountered any virus/malware on this file). Somehow CIS changed the owner of the file in such a way that even the admin user cannot access it.
I have added exclusion (inside scanner settings) to all files in a particular folder and one of the files included is the one mentioned above.
any ideas on how to get my file back? and how do I make exclusions work?
This time the file appeared in “quarantine items” (under antivirus) and I decided to select the “restore” option.
My file cannot be access by anyone including the admin account! I suppose the only way to get it back is booting to safe mode
Let Consider If Its Not A FP, Its A Suspected File And You Have Restored The File, If You Execute The File, The System Might Get Infected. So It’ Should Be Designed In A Way To Remove The Permissions Once Its Restored, So That No One (Even Admin) Can Execute It Even Accidentaly Until You Take Ownership Of The File
Whether or not the file has bugs or not, why won’t AV restore the file properly? What’s the point of allowing a restore if I still can’t use the restored file. With the 1st file, I actually created exclusion before fixing it.
Why won’t AV let the user take control of the system/files when the user specifically wanted control?
another file was found and it’s Perc6i drivers (executable winrar compressed file). now this file is useless (til I fix it) because restore doesn’t really restore.
I just encountered something similar with a DLL for the game Zen of Sudoku. One of its file, bass.dll, was flagged as ‘Heur.Packed.Unknown’, so I password-rar’d it and sent it in per the instructions here. I also think it’s silly that we have to disable and re-enable our AV to regain access to the files.
Edit: After further inspection, it seems that adding files to ‘Exclusions’ prevents you from accessing them until you restart the AV, however, if you add them to your Safe Files, then it doesn’t obscure any permissions.