Video Screencast Help

How to setup auto delete of DWH* quarantined file in SEP client ?

Created: 26 Feb 2013 • Updated: 26 Feb 2013 | 5 comments
This issue has been solved. See solution.

Hi,

some of my Workstation with Endpoint 12.1.2 RU2 got issues with Virus more than 11 alerts per minutes ? so in total there are 4700 entries that must be manually deleted.

can anyone here please let me know how to delete it quick way ? 

Operating Systems:

Comments 5 CommentsJump to latest comment

ᗺrian's picture

Check this article by Mithun Sangavi:

https://www-secure.symantec.com/connect/articles/i...

You can build a batch script using the instructions he provided to remove these.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

check this

tmp file (DWH*****.tmp) detected as Trojan.Gen or Trojan.Gen.2 by Corp products

http://www.symantec.com/business/support/index?page=content&id=TECH102953

Thanks In Advance

Ashish Sharma

SOLUTION
Rafeeq's picture

These alerts are on sepm or on client you want to clear out.

in sepm log retention period is 30 days by default, those will be cleared out.

client logs are stored under logs folder c:\program data\symantec

or

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

add whatever you want to the below batch file

del c:\Windows\temp\SEP_INST.LOG.back
del c:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.log.back
del c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu.log.back
del c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu-1.log.back
del c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu-2.log.back

ren c:\Windows\temp\SEP_INST.LOG c:\Windows\temp\SEP_INST.LOG.Back 
ren c:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.log c:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.log.back
ren c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu.log c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu.log.back
ren c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu-1.log c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu-1.log.back
ren c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu-2.log c:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu-2.log.back

John Santana's picture

Great, many thanks for the advice people !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.