Endpoint Protection

  • 1.  Clean quarantine from script SEP 12.x

    Posted Sep 23, 2013 06:27 AM

    In SEP 11.x and older versions I was able to delete the content of the SEP quarantine folder manually. Now we have SEP 12.x and regardless of my admin rights on the machine and folder I'm not allowed to do that. Even if I disable SEP or stop the SMC service.

    As I'm managing a lot of clients and the DWH*.tmp issue is still not solved since the 11.0.5x versions it is vital to be able to eradicate the quarantine content from a script.

    Do you have any suggestion on how to approach this?

    *edit: To be precise, I can clean it up from the SEP console, but I'm unable to delete them on file level.



  • 2.  RE: Clean quarantine from script SEP 12.x

    Posted Sep 23, 2013 06:34 AM

    disable tamper protection

    http://www.symantec.com/business/support/index?page=content&id=HOWTO77121

    The quarantine folder will not have any access, so add your account, take control, then delete.



  • 3.  RE: Clean quarantine from script SEP 12.x

    Posted Sep 23, 2013 06:35 AM

    Thank you, but it's useless if I can't disable tamper protection from script temporarily.



  • 4.  RE: Clean quarantine from script SEP 12.x

    Posted Sep 23, 2013 06:37 AM

    right so that will not work,

    either you need to disable tamper first, then allow psexec to do or

    this is the easiest method. (I know you mentioned it but this is easy)

    1) Open Symantec Endpoint Protection Manager
    2) Go to Policies
    3) Select Antivirus and Antispyware Policy
    4) Select Quarantine
    5) Click on the Cleanup Tab
    6) Under Quarantined Files, check mark "Delete oldest file to limit folder Size at ( X ) MB" (instead of X, mention the size of Quarantine Folder you would like to use)



  • 5.  RE: Clean quarantine from script SEP 12.x

    Posted Sep 23, 2013 06:39 AM

    Sorry, but I can't apply this for everyone. There are certain cases where I need to clean up the quarantine, and I don't want to manage these separately, therefore the only acceptable option is to push a script.

    Is it possible or not?



  • 6.  RE: Clean quarantine from script SEP 12.x

    Posted Sep 23, 2013 06:47 AM

    Not possible