
Squash SymTMPs - from Mike's Tool Set

Created: 19 Nov 2010 • Updated: 15 Apr 2013 | 11 comments
iamadmin's picture

So...way, way back, somewhere around MR4 we started seeing an issue where lots of files (mostly TMP) were being created (and staying) in the xfer_tmp or the xfer folders. For us it was only with SEP, but from what I understand, SAV users were seeing some of this as well.

Symantec wrote a very comprehensive cleanup document (which has since been shortened to reflect the current state of the issue) that detailed how to manually clean up these files so that they did not return. At that point I did what I normally do...I wrote a script that automated the whole process. For us, even seeing one or two of these a day made my time writing the script worthwhile.

Essentially what the utility does is shut down the smc service, clean a bunch of directories, restart the smc service and then run an "smc -updateconfig". While I clean the SAV directories as well as the SEP directories (based on the Symantec document above dated 03/22/2010)...I have NEVER tested this on a SAV machine, we are long past that era.

The directories to clean are based on both the "All Users" and "Current User" accounts. Because of this, when the utility is launched, I enumerate both local and domain accounts on the machine and then allow you to select which account to run against. If you have a LOT of temp files in a directory, it will take a LONG time to run. As with all my utilities, I would run this FIRST against a NON-production machine, with bogus TMP files, that has been backed up. At least until you're sure it will do what you need.

This utility is really for MR4, RU5 or RU6 or machines that have been UPGRADED to RU6 MP1...if you have a fresh install of RU6 MP1 or later...then the problem should have already been resolved and this utility will do you no good. In fact, directories may have changed in later versions of SEP and you may actually break something. Use your common sense! I make no promises or guarantees. Did you read that last line? Read it again.

Here is what the GUI looks like...pretty straightforward, select an account and then "Squash UM!". Yes, that's a Squash icon in the bottom right corner.

[Image: Squash SymTMPs GUI]

Anyway, enough of the blah, blah, blah. Hopefully this utility will help your situation, I know that it has greatly helped ours.

-Mike

Symantec Article Information:

Article: TECH93590 | Created: 2009-01-22 | Updated: 2011-07-25 | Article URL http://www.symantec.com/docs/TECH93590

11 Comments

Thomas K's picture

Mike,

Great tool! I am going to give this a try in my lab environment.

Thanks for contributing to the SEP community.

Cheers,

Thomas

clamu's picture

Great tool, thanks for sharing it. 

If you're feeling bored sometime, can you modify this so it can be run against remote workstations? Maybe run locally but pointed at the remote IP address of a machine we have administrative rights on. Or command line via psexec?

Aaed Alqarta's picture

Can you run it in command line mode? silent mode?

I would use it in a batch file or run it remotely using Pstools psexec

Authorized Symantec Consultant - Symantec Certified Specialist - Experts-Exchange Certified Guru

Please don't forget to mark your thread solved

iamadmin's picture

Because the utility requires human intervention to select a local account to run against...I've not put any thought into command line or silent options.

I suppose I could run a silent mode against the currently logged on user...have to ponder the benefits vs the time involved in adding this and other options.

"Technically" the issue with files filling up the xfer_tmp or the xfer folders was fixed/resolved with RU6 MP1.

-Mike

giljr's picture

Wow what a great tool you have Mike. Thanks! I'll give it a try soon. Have a good year ahead to you all and I hope it would be great.

.Brian's picture

Will this work on 12.1?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

iamadmin's picture

Hi Brian,

Yes I'm a bit slow on this reply.

Currently 12.1 is not supported by Squash SymTMPs. While the utility will run successfully and, from my perspective, not cause any issues...it does not target the modified directory structure of 12.1. Obviously this tool was written for a different purpose, and presumably, 12.1 does not have the same TMP file issues that SEP 11 MR4 had, so in theory, this utility is no longer needed. That said, if it is still being used to clean up various SEP directories, and that the consensus of visitors to this forum is to add the SEP 12.1 directories, then I'd be glad to do so. The amount of work involved is minimal.

-Mike

nz-mattb's picture

Gidday Mike -

I'm seeing this on an XPP SP# machine on a network with a new installation (not upgrade) of Symantec Protection Suite SBE 4.0 - the client is running 12.1.1101.401

SBE doesn't provide the option to turn off quarantine scans subsequent to new defs, so to work around it I've had to turn off scan *any* after new, and disable notifications on the client just to get rid of the annoyance factor. So yeah - looks like your utility *is* still needed - dwh*** files are detected in C:\WINDOWS\Temp and C:\Documents and Settings\username\Local Settings\Temp

Will your tool help with this?

Cheers... Matt

iamadmin's picture

Kia ora Matt,

Based on the original Symantec document that I referenced to build this utility, these are the directories that I clean.

@HomeDrive & '"\Documents and Settings\"' & $UserName & '"\Local Settings\Temp"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec Endpoint Protection\xfer"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer"'
$AllUsersProfile & '"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"'

@HomeDrive & '"\Users\"' & $UserName & '"\AppData\Local\Temp"'
$AllUsersProfile & '"\Symantec\Symantec Endpoint Protection\xfer_tmp"'
$AllUsersProfile & '"\Symantec\Symantec Endpoint Protection\xfer"'
$AllUsersProfile & '"\Symantec\Symantec Endpoint Protection\Quarantine"'
$AllUsersProfile & '"\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp"'
$AllUsersProfile & '"\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer"'
$AllUsersProfile & '"\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"'

So I would guess my utility as is should help as the directories you mentioned are listed above. Based on your reply, I will probably add in the SEP 12.1 directories just for completeness.

Thanks for your current perspective on this issue.

-Mike
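
The sequence described in the post (stop smc, clean the directories, restart smc, run "smc -updateconfig"), written out in PowerShell against the SEP xfer and xfer_tmp directories from the list above. This is an added example, not the Squash SymTMPs source or Symantec's procedure; the Smc.exe install path, the -Delete switch, and the use of "smc -stop" / "smc -start" to stop and restart the service are assumptions.

```powershell
# Added example, not the Squash SymTMPs source. Run elevated, on a test machine first.
param(
    [switch]$Delete   # hypothetical switch: without it the script only reports
)

# Assumed default SEP 11 install path; adjust for your environment.
$smc = Join-Path $env:ProgramFiles 'Symantec\Symantec Endpoint Protection\Smc.exe'

# SEP data roots from the list above: XP layout first, then Vista and later.
$roots = @(
    'Application Data\Symantec\Symantec Endpoint Protection',
    'Symantec\Symantec Endpoint Protection'
) | ForEach-Object { Join-Path $env:ALLUSERSPROFILE $_ }

# Keep only the xfer / xfer_tmp directories that actually exist on this machine.
$targets = foreach ($root in $roots) {
    foreach ($leaf in 'xfer_tmp', 'xfer') {
        $dir = Join-Path $root $leaf
        if (Test-Path -LiteralPath $dir -PathType Container) { $dir }
    }
}
if (-not $targets) { Write-Output 'No SEP xfer directories found.'; return }

# Match on the exact extension: a "*.tmp" wildcard can also match longer
# extensions through 8.3 short names.
$files = @($targets |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force } |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.tmp' })

# Report per directory before touching anything.
$files | Group-Object DirectoryName | ForEach-Object {
    $mb = ($_.Group | Measure-Object Length -Sum).Sum / 1MB
    '{0}: {1} TMP files, {2:N1} MB' -f $_.Name, $_.Count, $mb
}
if (-not $Delete) { return }

# Stop the client so it holds no handles on the files. If the policy sets a
# stop password, smc prompts for it here.
Start-Process -FilePath $smc -ArgumentList '-stop' -Wait
try {
    # Keep going past individual failures so one locked file does not abort the run.
    $files | Remove-Item -Force -ErrorAction Continue
}
finally {
    # Always bring protection back, even if the cleanup failed part-way.
    Start-Process -FilePath $smc -ArgumentList '-start' -Wait
    Start-Process -FilePath $smc -ArgumentList '-updateconfig' -Wait
}
```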

nz-mattb's picture

Gidday Mike -

Thanks for your reply. I'll give this a shot on the affected machine as soon as I can and post back with the results. Onya!

Cheers... Matt

naitrogen's picture

Gidday Mike,

What is your password? I can't use it.

Thank.
