
Generic Trojan - DWH*.tmp in Temp folder

  • 1.  Generic Trojan - DWH*.tmp in Temp folder

    Posted Aug 20, 2012 02:43 AM

    Hi there,

    It seems that after all, this problem with Generic Trojan - DWH*.tmp in Temp folder has not been fixed. Today it's 20.08.2012 and this problem hasn't been fixed. I have a lot of temp files flagged as being infected with Trojan.Gen.2; see this print screen: http://screencast.com/t/PshRysnqh

    I'm using Symantec Endpoint Protection ver. 11.0.6005.562

    I'm addressing this post to Symantec officials to offer me a solution to fix this, as I'm tired of dealing with this. I have read the previous post about this and it seems that this issue still persists.

    Looking forward to a fast answer,

    ChiefRA



  • 2.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Aug 20, 2012 03:06 AM

    The issue of multiple DWH files being created and retained has been improved in SEP 11 Release Update 7 Maintenance Patch 2 (RU7 MP2) and SEP 12.1 RU1 MP1.

    If you do not want to upgrade, use the workaround mentioned at this URL:

    When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

    http://www.symantec.com/business/support/index?page=content&id=TECH102953



  • 3.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Trusted Advisor
    Posted Aug 20, 2012 03:07 AM

    Hello,

    This is a known issue with the older versions of Symantec Endpoint Protection version 11.x

    In case you are carrying an older version of SEP, it would be advised to install the latest version of SEP 11.0.7200 or migrate to SEP 12.1.1000.

    Check this:

    DWH***.tmp files are detected in the user profile temp directory

    http://www.symantec.com/docs/TECH92399

    When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

    http://www.symantec.com/docs/TECH102953

    Check these Threads: 

    https://www-secure.symantec.com/connect/forums/unable-fully-remove-trojangen2-sep

    https://www-secure.symantec.com/connect/forums/trojangen2

    https://www-secure.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder

    Secondly, the issue is fixed in RU6 MP1; upgrade the client to RU6 MP1 and let us know if it solves your problem.

    DWHxxxx.tmp files are scanned and re-detected when new definitions arrive or during a scheduled scan

    Fix ID: 1925607

    Symptom: DWHxxxx.tmp files are scanned and re-detected when new definitions arrive or during a scheduled scan.

    Solution: After extracting a quarantined item to a temp file, the file is deleted immediately after it is processed.

    http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

    Hope that helps!!



  • 4.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Aug 20, 2012 03:19 AM

    Use the latest version, RU7 MP2 or SEP 12.1 RU1 MP1.



  • 5.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Posted Aug 20, 2012 04:17 AM

    Hi, good morning.

    Run a temporary-file cleaner on your desktop. Then run a scan of your computer in safe mode, or run your security solution, but while Windows is in safe mode.
    To do this, restart your PC and press the F8 key until the screen with the options appears. Choose Safe Mode, but without networking, and perform a scan.

    I am available for any questions.

    Hugs



  • 6.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Aug 20, 2012 04:22 AM

    Hi,

    Please check this article

    DWH***.tmp files are detected in the user profile temp directory

    http://www.symantec.com/docs/TECH92399

    These detections do not indicate a new outbreak of a threat.  The .tmp files are created by the Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV) Quarantine scan. The scan is normally initiated by a virus definition update.

    There are also several known methods to work around the issue:

    • The quarantine scan on virus definition update can be disabled in the Symantec Endpoint Protection Manager (SEPM): edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
    • Items in quarantine can be deleted.
    • If the indexing service is enabled it could be triggering the issue when the dwh***.tmp files are indexed.
    • Investigate other applications that are scanning the temp file for changes.

    This issue is seen with a few of the latest versions of SEP, i.e. RU7 MP2.

    Check the following article for more details.

    https://www-secure.symantec.com/connect/forums/dwh-file-issue-sep-v1107#comment-7389471

    I hope it helps.

     



  • 7.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Posted Aug 20, 2012 04:29 AM

    This is a known issue which is going to be fixed probably in SEP 11 RU6 MP1.

    Meanwhile, please follow the KB below to resolve this issue:

    http://service1.symantec.com/SUPPORT/ent-security....

    Reason behind it:
    - By default, when there is anything in the quarantine folder and new definitions are downloaded to the SEP client, a scan is initiated after the download to check whether any definitions are available that can resolve the quarantined files.

    - Unfortunately, in some cases, during this process, the scan detects the tmp files which are created in the Xfer or Xfer_tmp folder during the above process.

    This issue was initially fixed in MR4 MP2, however, I have seen this issue in some cases of RU5 and RU6 as well.

    As mentioned above, hopefully, it will resolve in RU6 MP1.

    Check the Knowledgebase.

    DWH***.tmp files are detected in the user profile temp directory.

    http://www.symantec.com/business/support/index?page=content&id=TECH92399&locale=en_US
     
    Release Notes for Symantec Endpoint Protection 11.0.x and Symantec Network Access Control 11.0.x
     
    http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US
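
Added example, not part of the thread and not Symantec code: a triage check for the pattern posts 6 and 7 describe, where a DWH*.tmp detection in a temp or Xfer folder follows shortly after a definition update. The event tuples, paths, the 30-minute window and the alphanumeric file-name pattern are assumptions made for illustration; a "likely artifact" verdict still assumes the client has items in quarantine.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumption: the "***" / "xxxx" part of the file name is alphanumeric.
DWH_NAME = re.compile(r"^DWH[0-9A-Za-z]+\.tmp$", re.IGNORECASE)
# Folder names mentioned in the thread: user temp directory, Xfer, Xfer_tmp.
SCAN_DIRS = {"temp", "xfer", "xfer_tmp"}
# Assumption: how long after a definition update the quarantine rescan may run.
WINDOW = timedelta(minutes=30)


def classify(path, seen, def_updates, window=WINDOW):
    """Return a triage verdict for one detection event."""
    p = PureWindowsPath(path)
    if not DWH_NAME.match(p.name):
        return "investigate: not a DWH temp file"
    # The name alone proves nothing; the file must sit where the rescan writes.
    folders = {part.lower() for part in p.parent.parts}
    if not folders & SCAN_DIRS:
        return "investigate: DWH name outside temp/Xfer folders"
    # The rescan is triggered by new definitions, so one must precede the hit.
    if not any(timedelta(0) <= seen - u <= window for u in def_updates):
        return "investigate: no definition update shortly before"
    return "likely quarantine rescan artifact"


# Constructed sample data, not taken from any real SEP log.
DEF_UPDATES = [datetime(2012, 8, 20, 2, 0)]
EVENTS = [
    (datetime(2012, 8, 20, 2, 5),
     r"C:\Documents and Settings\user1\Local Settings\Temp\DWH3F2A.tmp"),
    (datetime(2012, 8, 20, 2, 6), r"C:\Users\user1\Downloads\DWH3F2A.tmp"),
    (datetime(2012, 8, 20, 14, 30),
     r"C:\Documents and Settings\user1\Local Settings\Temp\DWH77C1.tmp"),
    (datetime(2012, 8, 20, 2, 7),
     r"C:\Documents and Settings\user1\Local Settings\Temp\setup.tmp"),
]


def triage(events=EVENTS, def_updates=DEF_UPDATES):
    """Classify every (timestamp, path) event against the update times."""
    return [(path, classify(path, seen, def_updates)) for seen, path in events]


if __name__ == "__main__":
    for path, verdict in triage():
        print(f"{verdict:50} {path}")
```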
     

     



  • 8.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Posted Sep 12, 2012 11:20 AM

    Hi,

    So SEP11 RU6 MP1 didn't work

    V11 7000.975 doesn't work either

    I'm not sure I understand what RU7 MP2 means

    Does anyone at Symantec have an idea about the importance of statistic reliability?

    I know this doesn't help anybody, it just makes me feel a little better!



  • 9.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Sep 12, 2012 12:34 PM

    The issue of multiple DWH files being created and retained has been improved in SEP 11 Release Update 7 Maintenance Patch 2 (RU7 MP2) and SEP 12.1 RU1 MP1.

    Can you try on one such client?



  • 10.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Posted Sep 17, 2012 05:41 PM

    The issue remains with:

    12.1.1101.401 RU1 MP1

     

    I had the issue today, 2012.09.17  on a client running

    12.1.1101.401 RU1 MP1

     

     



  • 11.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Sep 17, 2012 09:22 PM

    May I suggest opening a support ticket?



  • 12.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Sep 18, 2012 09:09 AM

    Hi,

    I would also like to suggest opening a case with support.

    How to create a new case in MySupport

    http://www.symantec.com/docs/TECH58873

    How to Create and Validate a SymAccount for using Symantec's MySupport

    http://www.symantec.com/docs/HOWTO31127

    OR

    Contact Symantec Technical Support via the support phone numbers listed below

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000
    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
    India: Toll-Free 000 800 4401 456 directly

    Contact Symantec Customer Care on 

    http://www.symantec.com/support/assistance_care.jsp

    OR 

    Technical Support

    http://www.symantec.com/business/support/contact_techsupp_static.jsp



  • 13.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Posted Sep 18, 2012 05:39 PM

    I appreciate the suggestion but I've been able to curb the issues using the indexing/quarantine/temp clearing methods found in various threads.  I just wanted to put it out there that upgrading is not the answer.  Maybe next time?

     

    Gracias

     



  • 14.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Sep 19, 2012 06:51 AM

    Hi Gracias,

    Please monitor for a few days.

    If the issue reoccurs, then upgrading to the latest version of 12.1 can be the best option.

     



  • 15.  RE: Generic Trojan - DWH*.tmp in Temp folder

    Broadcom Employee
    Posted Nov 15, 2012 06:20 AM

    Hello Everyone,

    According to the fix notes of the latest SEP version, i.e. SEP 12.1 RU2, the issue is resolved with this release.

    Repeated detection of DWHxxxx.tmp as a threat
    Fix ID: 2718341
    Symptom: Repeated detection of DWHxxxx.tmp as a threat when a Defwatch scan runs on Quarantined items.
    Solution: Increased Defwatch scan performance and moved the temporary extraction folder from %TEMP% to Application Data to avoid conflicts with Windows Search Indexer.
     
    Reference: New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2