This issue has been solved.

DWH file issue in SEP v11.0.7

Created: 11 Jul 2012 • Updated: 16 Aug 2012

Hi,

I'm having an issue with my new installation of SEP v 11.0.7 MP2; it gives me this error every morning:

 

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen
File: C:\ProgramData\Symantec\DefWatch.DWH\dwhbb53.exe
Location: C:\ProgramData\Symantec\DefWatch.DWH
Computer: AdminLaptop01
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Thursday, July 12, 2012  10:18:00 AM
 
Can anyone please advise what to do?

Comments

P_K_
Trusted Advisor
11 Jul 2012

Stop the SEP service and delete the files

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

11 Jul 2012

Which file to delete?

Do I just

smc -stop, then

delete, then

smc -start?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

 

_Brian
Trusted Advisor
Certified
11 Jul 2012

https://www-secure.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder

Note the explanation by Ryan_Dasso.

You can also find a workaround by Mithun Sanghavi posted on the last page of this thread.

Doing a search of the forum, you will also find other posts on it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade
Technical Support
Accredited
12 Jul 2012

Hi Dushan Gomez,

Please check this article

DWH***.tmp files are detected in the user profile temp directory

http://www.symantec.com/docs/TECH92399

These detections do not indicate a new outbreak of a threat.  The .tmp files are created by the Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV) Quarantine scan. The scan is normally initiated by a virus definition update.

There are also several known methods to work around the issue:

  • The quarantine scan on virus definition update can be disabled in the Symantec Endpoint Protection Manager (SEPM): edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
  • Items in quarantine can be deleted.
  • If the indexing service is enabled it could be triggering the issue when the dwh***.tmp files are indexed.
  • Investigate other applications that are scanning the temp file for changes.

I hope it helps.


Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Chetan Savade
Technical Support
Accredited
12 Jul 2012
SOLUTION

Hi,

Also you can refer to this article

When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

http://www.symantec.com/docs/TECH102953

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
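
Added example, not part of any post in this thread and not Symantec code: a small triage helper that parses notification text in the format quoted in the question and separates the DWH working-copy detections described in the two replies above from detections that need normal investigation. The file-name pattern, the `Temp` folder name and the second sample entry are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: entry 1 mirrors the notification quoted in the thread,
# entry 2 is an invented detection outside the DefWatch working folder.
SAMPLE = """\
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen
File: C:\\ProgramData\\Symantec\\DefWatch.DWH\\dwhbb53.exe
Location: C:\\ProgramData\\Symantec\\DefWatch.DWH
Computer: AdminLaptop01
User: SYSTEM

Scan type: Auto-Protect Scan
Security risk detected: Trojan.Gen
File: C:\\Users\\alice\\Downloads\\invoice.exe
User: alice
"""

# Assumed naming: "dwh" + alphanumerics + .exe/.tmp, in DefWatch.DWH or a Temp folder.
DWH_NAME = re.compile(r"^dwh[0-9a-z]+\.(exe|tmp)$", re.IGNORECASE)
DWH_DIRS = ("defwatch.dwh", "temp")

def parse_events(text):
    """Split blank-line separated 'Key: value' blocks into dicts."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def is_quarantine_rescan_artifact(event):
    """True when Auto-Protect flagged a DWH working copy rather than a new file."""
    path = PureWindowsPath(event.get("File", ""))
    return (event.get("Scan type") == "Auto-Protect Scan"
            and DWH_NAME.match(path.name) is not None
            and path.parent.name.lower() in DWH_DIRS)

def triage(text):
    """Return a (file, verdict) pair for every parsed event."""
    return [(e.get("File"),
             "quarantine-rescan artifact" if is_quarantine_rescan_artifact(e)
             else "investigate")
            for e in parse_events(text)]
```

A match only says the alert points at the quarantine scan's working copy; anything that does not match both the name and the folder goes to normal investigation.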

16 Aug 2012

Thanks for all of your responses, guys.

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP