Submit quarantined files from a Endpoint Protection for Linux client
searchcancel
Submit quarantined files from a Endpoint Protection for Linux client
book
Article ID: 163708
calendar_today
Updated On: 03-24-2025
Products
Endpoint Protection
Issue/Introduction
The SEP for Linux client has quarantined files that are believed to be a False Positive. These files need to be submitted to the False Positive portal for analysis.
Environment
SEP for Linux version 12.1 RU5 - 14.3 MP1
Resolution
To submit quarantined files, the identity of the files in the Quarantine directory must be confirmed.
To confirm the file ID:
Open a terminal session.
Navigate to /opt/Symantec/symantec_antivirus.
Run the following command:
./sav quarantine -l
This will list all the files that have been Quarantined. Note the ID associated with file to be submitted.
To locate the file in the Quarantine directory:
Navigate to /var/symantec/Quarantine/ (SEP 12.1.x) or /var/symantec/sep/Quarantine/ (SEP version up to 14.3 MP1).
The quarantined file will be named with the ID noted in the previous steps with a file extension of .vbn.
The .vbn file is an encrypted file that can be submitted to Symantec's False Positive portal for analysis.