Issue:
How to collect the quarantined files on an affected Windows machine using WithSecure Quarantine Dumper, and then submit the files for analysis.
Resolution:
Collect quarantined files using WithSecure Quarantine Dumper by following the instructions below:
- Click on this link to download to a location of your choice, for example, c:\temp:
- Launch Command Prompt (CMD).
- Navigate the directory to the location you selected in step 1. For example, type cd c:\temp\ and press Enter on your keyboard to go to c:\temp\ folder.
- Type wsdumpqrt.exe -d c:\temp\ to run the tool.
- Enter your administrator credentials when prompted. WithSecure license terms are now shown.
- Scroll all the way to the end of the license terms before you can accept them.
- Press E on your keyboard to accept the license terms.
- Press any key to complete the run. The quarantined files will be collected in a file named malware_samples.zip with the default password (infected) in the location you specified in step 1.
These are the parameters that can be used in the tool:
- -d, --destination: Destination directory for output (default: current admin desktop)
- -p, --password: Password for output (default: "infected")
- -v, --verbose: Verbose output
- -a, --accept-eula: Accept EULA
- -s, --silent: Silent mode
- -l, --list: Only list contents, nothing is written to disk
Tip: Running the wsdumpqrt.exe tool in command prompt without additional command line parameters will print out a short tool description and the extra parameters for using the tool.
Article no: 000002484