Endpoint Protection

pls smebody help me. endpoint is reporting trojans in its own quarantine folder.. (i think!)...

notification popups come up showing the reason to be access denied and it comes up at the rate of about 2per SECOND!!!! im pretty much unable to use my system because of this.. ive attached the screenshot.. if anyone can help me.. please do!!

It would seem that you have set the AV portion to "perform a quarantine" of infecteed files.
The file itself, being in quarantine is still active and replicating, hence the pop-ups.

Have you tried to "empty the quarantine"?
 

I thought that when a file is quarantined, it becomes dormant. I hope this is a managed system. That way you can remotely configure it to automatically delete all the threats found. Or add that folder to the excemptions. Is it possible to empty your Quarantine folder or is it using up CPE and memory?

Hi brutalzombie, don't worry it is already on the quarantine, you should just clear them. Also, on the policies, you set how long will the infected file stay on quarantine, by default I remember its 30 days.

@Paul: The problem is that he's getting an infection at a rate of 2/sec. If this keeps up, he'll run out of drive space soon.

@brutalzombie: Your screenshot shows that you're using a full/custom scan and not the real-time scan engine. Try stopping this and delete all the files in the quarantine if possible. Or delete all tmp files in your system manually if you're still having problems.

This is  a  problem due  to curropt Definitions.

Perform the following:

When trying to access C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine. you will probably get an access denied.
Right click on the folder, go to properties then security
Add the users who is currently logged on with full control
Open command prompt
Navigate to C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine
Delete all files by typing the command "Del *.*" and hit enter
Restore the default priviliages by removing the user added with full control.

Next, stop the  SMC, and  SEP service.

Next  perform the  steps in
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007123111551948

Repair  SEP from add/remove  prgram.

All should  be  fine.

@brutalzombie: Here's the possible solution:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009042217073548

You have user Giuseppe.Axia to thank for that.

You are welcome ;)

will it do it again next time a virus is sent to quarantine
so should we set actions to delete instead of quarantine

The original question was about the \Symantec\SRTSP folder (fuzzy small screenshot).

Did Vishal Kalani's post help ?  He described how to empty SRTSP\Quarantine,  then to uncorrupt SEP defs,  then to Repair the client.

Thanks

(Required to subscribe.)