After removing an infected object, Kaspersky Endpoint Security places the object in the Storage.
You can use the EICAR test file to check the Storage function. This test virus was developed by The European Institute for Computer Antivirus Research (EICAR) to check the operation of anti-virus programs.
The EICAR test file is not a virus and does not contain program code that can harm your computer, but most anti-virus programs identify it as a threat.
The file that contains the test virus is called eicar.com. You can download it from the EICAR website.
To check the Storage function:
curl https://www.eicar.org/download/eicar.com.txt -o /root/eicar.com.txt
echo -n 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > standard
The test file is deleted after several seconds or immediately if you try to open it.
kesl-control -B --query
Both test files are placed in the Storage.
FileName field:
kesl-control -B --query "FileName like '%standard%'"
kesl-control -B --query "AddTime > '1588252951'"
For more information about using the query, please refer to the Using logical expressions section.
ObjectId field:
kesl-control -B --restore 1
The file is restored to its original location. The ls command does not open the file, so it is not deleted by the File Threat Protection task. But when you cat it, the file will be detected and removed, and moved to the Storage.
kesl-control -B --restore 2 --file /tmp/newfile
The file is restored to the specified location.
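The check above as a script, added here as an example and not part of the Kaspersky documentation: it writes the test string, waits for the file to be removed without opening it, then looks it up in the Storage with the FileName filter. The function names and the 30-second default timeout are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and timeouts are assumptions.
# The 68-byte EICAR test string, exactly as shown on this page.
EICAR_STRING='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the test string with no trailing newline.
# The length is checked on the variable, not by reading the file back:
# opening the file can trigger its immediate removal.
make_test_file() {
    [ "${#EICAR_STRING}" -eq 68 ] || return 1
    printf '%s' "$EICAR_STRING" > "$1"
}

# Poll with an existence test (which does not open the file) until the file
# disappears or the timeout in seconds expires.
# Returns 0 if the file was removed, 1 if it is still present.
wait_removed() {
    path=$1; remaining=$2
    while [ -e "$path" ]; do
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# Build the --query filter for the FileName field.
# Assumes the file name contains no quote characters.
storage_filter() {
    printf "FileName like '%%%s%%'" "$(basename "$1")"
}

# Full check: create the file, wait for removal, then query the Storage.
check_storage() {
    target=$1; timeout=${2:-30}
    make_test_file "$target" || { echo "could not write $target" >&2; return 2; }
    if ! wait_removed "$target" "$timeout"; then
        echo "FAIL: $target not removed within ${timeout}s" >&2
        rm -f "$target"
        return 1
    fi
    kesl-control -B --query "$(storage_filter "$target")"
}

# Usage on a protected host: check_storage /tmp/standard 30
```

A return code of 1 from check_storage means the file was still on disk after the timeout, which points at File Threat Protection not running or not covering that path.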