Endpoint Protection

 View Only
Back to Library

Squash SymTMPs - from Mike's Tool Set 

Nov 19, 2010 03:39 PM

So...way, way back, somewhere around MR4 we started seeing an issue where lots of files (mostly TMP) were being created (and staying) in the xfer_tmp or the xfer folders. For us it was only with SEP, but from what I understand, SAV users were seeing some of this as well.

Symantec wrote a very comprehensive cleanup document (which has since been shortened to reflect the current state of the issue) that detailed how to manually cleanup these files so that they did not return. At that point I did what I normally do...I wrote a script that automated the whole process. For us, even seeing one or two of these a day made my time writing the script worthwhile.

Essentially what the utility does is shutdown the smc service, clean a bunch of directories, restart the smc service and then run an "smc -updateconfig". While I clean the SAV directories as well as the SEP directories (based on the Symantec document above dated 03/22/2010)...I have NEVER tested this on a SAV machine, we are long past that era.

The directories to clean are based on both the "All Users" and "Current User" accounts, because of this, when the utility is launched, I enumerate both local and domain accounts on the machine and then allow you to select which account to run against. If you have a LOT of temp files in a directory, it will take a LONG time to run. As with all my utilities, I would run this FIRST against a NON-production machine, with bogus TMP files, that has been backed up. At least until you're sure it will do what you need.

This utility is really for MR4, RU5 or RU6 or machines that have been UPGRADED to RU6 MP1...if you have a fresh install of RU6 MP1 or later...then the problem should have already been resolved and this utility will do you no good. In fact, directories may have changed in later versions of SEP and you may actually break something. Use your common sense! I make no promises or guarentees. Did you read that last line? Read it again.

Here is what the GUI looks like...pretty straightforward, select an account and then "Squash UM!". Yes, that's a Squash icon in the bottom right corner.

Squash SymTMPs GUI

Anyway, enough of the blah, blah, blah. Hopefully this utility will help your situation, I know that it has greatly helped ours.

-Mike

Symantec Article Information:

Article: TECH93590 | Created: 2009-01-22 | Updated: 2011-07-25 | Article URL http://www.symantec.com/docs/TECH93590

Statistics
0 Favorited
1 Views
1 Files
0 Shares
0 Downloads
Attachment(s)
zip file
Squash SymTMPs.zip   404 KB   1 version
Uploaded - Feb 25, 2020
 
Download

Tags and Keywords

Comments

Migration User
Sep 24, 2014 11:39 PM

Gidday Mike,

What is your password. i can't use it

Thank.

Migration User
Sep 10, 2012 05:18 PM

Gidday Mike -

Thanks for your reply. I'll give this a shot on the affected machine as soon as I can and post back with the results. Onya!

Cheers... Matt

MDubya
Sep 10, 2012 09:19 AM

Kia ora Matt,

Based on the original Symantec document that I referenced to build this utility, these are the directories that I clean.

@HomeDrive & '"\Documents and Settings\"' & $UserName & '"\Local Settings\Temp"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec Endpoint Protection\xfer"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"'

@HomeDrive & '"\Users\"' & $UserName & '"\AppData\Local\Temp"'
$AllUsersProfile & '"\Symantec\Symantec Endpoint Protection\xfer_tmp"'
$AllUsersProfile & '"\Symantec\Symantec Endpoint Protection\xfer"'
$AllUsersProfile & '"\Symantec\Symantec Endpoint Protection\Quarantine"'
$AllUsersProfile & '"\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp"'
$AllUsersProfile & '"\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer"'
$AllUsersProfile & '"\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"'

So I would guess my utility as is should help as the directories you mentioned are listed above. Based on your reply, I will probably add in the SEP 12.1 directories just for completeness.

Thanks for your current perspective on this issue.

-Mike

Migration User
Sep 09, 2012 11:53 PM

Gidday Mike -

I'm seeing this on an XPP SP# machine on a network with a new installation (not upgrade) of Symantec Protection Suite SBE 4.0 - the client is running 12.1.1101.401

SBE doesn't provide the option to turn off quarantine scans subsequent to new defs, so to workaround I've had to turn off scan *any* after new, and disable notifications on the client just to get rid of the annoyance factor.So yeah - looks like your utility *is* still needed - dwh*** files are detected in C:\WINDOWS\Temp and C:\Documents and Settings\username\Local Settings\Temp

Will your tool help with this?

 

Cheers... Matt

MDubya
Sep 06, 2012 10:05 AM

Hi Brian,

Yes I'm a bit slow on this reply. blush

Currently 12.1 is not supported by Squash SymTMPs. While the utility will run successfully and, from my perspective, not cause any issues...it does not target the modified directory structure of 12.1. Obviously this tool was written for a different purpose, and presumably, 12.1 does not have the same TMP file issues that SEP 11 MR4 had, so in theory, this utility is no longer needed. That said, if it is still being used to clean up various SEP directories, and that the consensus of visitors to this forum is to add the SEP 12.1 directories, then I'd be glad to do so. The amount of work involved is minimal.

-Mike

ℬrίαη
Apr 29, 2012 09:25 AM

Will this work on 12.1?

Migration User
Jan 11, 2011 09:09 PM

Wow what a great tool you have Mike. Thanks! I'll give it a try soon. Have a good year ahead to you all and I hope it would be great.

MDubya
Jan 03, 2011 09:11 AM

Because the utility requires human intervention to select a local account to run against...I've not put any thought into command line or silent options.

I suppose I could run a silent mode against the currently logged on user...have to ponder the benefits vs the time involved in adding this and other options.

"Technically" the issue with files filling up the xfer_tmp or the xfer folders  was fixed/resolved with RU6 MP1.

-Mike

Migration User
Dec 23, 2010 03:11 AM

Can you run it in command line mode? silent mode?

 

I would use it in a batch file or run it remotely using Pstools psexec

Migration User
Dec 22, 2010 12:20 PM

Great tool, thanks for sharing it. 

If you're feeling bored sometime smiley, can you modify this so it can be run against remote workstations?  Maybe ran locally but pointed at the remote IP address of a machine we have administrative rights on.  Or command line via psexec? 

Thomas K
Dec 09, 2010 04:16 PM

Mike,

Great tool! I am going to give this a try in my lab environment.

Thanks for contributing to the SEP community.

 

Cheers,

Thomas

Related Entries and Links

No Related Resource entered.