Do you employ Startup Scans? If so test by disabling them to see if the issue persists.
Does the issue occur randomly or every time the user logs out?

Thomas

to be honest it's hard to tell if it's random or always. Initially we thought that the problem occurred for accounts that had been deleted and then when the user returned to the company, they were recreated (from scratch) with the same username, email address etc.
The problem seemed to be at random  but it looks like the first login after a reboot would work but then subsequent ones would fail. Renaming the profile in the profilelist registry from sid.bak to sid would sometimes work
This morning though I got the same problem immediately after a reboot with my admin account which hasn't been deleted. I was getting errors with uhpclean being picked up by tamper protection so I have now excluded the c:\Program Files\UPHCleandirectory.

I do not have any scheduled scans configured.

For the time being I have had to disable the docsnsettings directory from being scanned so that my users can work. This is not an acceptable solution as most of the virus' get dumped into the temporary internet files that are within this directory.  I could exlude c:\documents and settings\username\ntuser.* but I have many many profiles and this would be a massive headache to setup and maintain.

Sounds like an issue for support. I would recommend you open a case with Symantec. Please update us here when you discover root cause.

Regards,
Thomas

Case logged - I'll update when I get a solution.

Unfortunately the only solution is to upgrade to v11 - not quite so easy considering this should really be a full upgrade of the SAV infrastructure to v11 with management console and then clients etc.

For the meantime I'm going to install v11 as an unmanaged client on this one server to see if it will work. Then i'll think about upgrading to v11mr4sp2.

There's still supposed to be another maintenance release, or release update, or whatever they are calling them now, for 10.1.  At least, that's the last I heard not even a month ago, for a different case # that I have open.  So maybe your problem will be fixed in 10.1.9.

Edit: After all, Symantec still has not set end-of-support dates for any of the 10.x releases...

unfortunately I couldn't wait that long. I upgraded to an unmanaged client this morning (after the user was locked out again this morning before I did the upgrade.)  Just need to work out how to get the client to request a password before accessing the settings to stop the users fiddling.

Had the same problem again this morning but wasn't able to get as much debugging information as I'd like at that time to prove it is symantec still.
I'll be doing some more testing and will update this ticket when I have more information.
I don't have the scheduled scan set but the problem reoccured. Tonight i'll be excluding the user profile from scanning again (this exclusion was deleted when I upgraded to sef11) to see if it re-occurs.

Well, 10.1.9.9000 seems to be available (or will be soon), per the updated Release Notes here:
http://service1.symantec.com/SUPPORT/ent-security....