Endpoint Protection

Hi,

I need assistance with the issue of continous notifications from the "C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine" folder. I have read another post that I would need to use the application "SymDelTmps.exe". Please let me know how to obtain the application and if there are any other fixes to this problem.

Thanks
Bruce.

This will fix it.   Relevant if you upgraded from SAV to SEP.


http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009042217073548

tekkid I fail to see the references to the SRTSP folder in that document?
And it's not a large number of temp files being generated, he mentions it's files in there causing "constant notifications" or alerts.

Those files cannot be deleted until you go into that area, give yourself full rigfhts to that file manually, give yourself rights to that folder and delete the file(s) in there.
In my case, there was an EXE in there of all things!!
I could not delete that file until I manually went to the machine and to that folder, gave myself "full rights" (nothing else worked), then to the file and did the same, then I was able to delete the offending file.
It was a fluke goofy thing.
Once deleted, all was fine.
Don't know if that's the issue here, but sounds familiar.
I'm not aware of that exe or utility - it's new to me, I guess.

I have created a local admin account and set permissions to full control to the Quarantine folder but I still do not have access to delete the files. I tried to change permissions on the files but there is not security tab. I need to delete the files so that the risk notifications will stop popping up. I have tried to remove and reinstall Symantec Endpoint Protection but once removed the files are still locked somehow. Any more suggestions will be appreciated.

Thanks
Bruce.,

Hi Bruce,

Not sure how you did it, but I had a similar problem and was able to rectify it using command line. As you've mentioned, you will not have direct access to the files at first (only System has access to that folder).

Do this to gain access:

Start..Run...type in: cmd
cd "\Documents and Settings\All Users\Application Data\Symantec\SRTSP"
cacls quarantine /e /g your_user_name:f
cd quarantine
del *.*
y

your_user_name <-- is the account that you used to log into the machine. If it has spaces, I think you can put quotes around it.  I believe your user account should be part of the "administrators" group.  If that is the case you can just type in:

cacls quarantine /e /g administrators:f

Once you are done, put back the old settings with:

cacls quarantine /e /r administrators or cacls quarantine /e /r "your_user_name"

Best Regards,

Tom

I have 5000+ devices where i rolled out SEP version 4101 or something and have updated to 11.5002.333 and have never seen this folder except on a device that got the Internet Security 2010 fave AV. I have had all quarantined files go into c:\documents and settings\all users\application data\symantec\symantec endpoint protection\quarantine or xfer or xfer_temp. I have not seen this SRTSP folder as part of any of the installs we have done. Any ideas where it came from ? I have had the same issues getting to it as everyone else and have also been able to remove using the instruction above, I am just curious as to whether it is legit or a repository for FakeAV apps.