Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

External Drive, pendrives folders become Shortcuts

Created: 05 Jan 2013 • Updated: 06 Jan 2013 | 9 comments

we are using Symantec endpoint protection and the version is 12.1.2015.2015. when we insert the external drive, all the folders in the external drive become shortcuts and we cannot access any files and it is showing empty. we scanned the whole drive but we can't find any virus. is there any solution to remove those shotcuts and restoring my folders.

Comments 9 CommentsJump to latest comment

pete_4u2002's picture

change the attributes as mentioned in the link and let know if it helps http://en.kioskea.net/faq/8734-files-on-flash-driv...

even after changing the attributes it does not help, then collect the load point and open a support case with Symantec

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

.Brian's picture

Make sure to set the drive to

"Show all hidden files and folders" and uncheck "Hide protected operating system files"

Do you see anything now?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mon_raralio's picture

The virus must come from somewhere.

Do you have additional info on the last 2 machines that used this flash drive? I suspect the 2nd to the last PC is the carrier.

“Your most unhappy customers are your greatest source of learning.”

Chetan Savade's picture

Hi,

Do not delete shortcuts manually, if you deleted shortcuts manually you may end up loosing your actual data.

Scan the infected machine with Symantec power eraser tool.

http://www.symantec.com/theme.jsp?themeid=spe-user...

Here is the location of the Symantec Endpoint Protection Support Tool:

http://www.symantec.com/business/support/index?pag...

Make sure SEP client is updated with the latest definitions, all three SEP features are installed.

Make sure machine is patched with latest windows patches and service pack.

If SEP and power eraser couldn't find anything then run the SST & submit suspicious files to the Symantec for further analysis.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

Hello,

In your case, it is advisable to follow few important steps:

1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

2) Make sure the machines are installed with the Latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Reference: https://www-secure.symantec.com/connect/forums/usb-flash-drive-shortcut-virus-0

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

rs_cert's picture

Is their any usb disable policy applied on that group where system allocated?

rs_cert's picture

 

We have not recieved any revert on same from long time, hopefully your query has been closed. If your issue closed then please mark valid comment as a solution which can help to other.

Thanks

SameerU's picture

Hi

Can you please disable the Auto play policy

Regards