Article ID: 2834037 - View products that this article applies to.
A file quarantined by Forefront Endpoint Protection 2010 (FEP 2010) or System Center 2012 Endpoint Protection (SCEP 2012) may be restored to an alternative location by using the MPCMDRUN command-line tool. The syntax is explained below:
Things to remember:
1. When attempting to restore a file you can only restore by “threat name”, not by file name!
2. Your restore results will be that all files in the quarantine that have the same threat name get restored.
3. There is no method to restore only a single file.
4. The “threat name” is case-sensitive.
Threatname = RemoteAccess:Win32/RealVNC
This syntax is correct: MpCmdRun.exe -Restore -Name RemoteAccess:Win32/RealVNC
This syntax is not correct and will not work: MpCmdRun.exe -Restore -Name RemoteAccess:Win32/reallvnc
NOTE: To know the exact spelling of a threat name, use the following syntax to generate the list of threat names currently in the quarantine folder:
Mpcmdrun –Restore –ListAll
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.