Data Loss Prevention

  • 1.  Purpose of temp\buffer

    Posted Sep 27, 2016 02:56 PM

    We have detected malware in files stored by DLP (V14) on the user's local drive in \Program Files\Manufacturer\Endpoint Agent\temp\buffer.  Does anyone know the purpose of this directory and the files within it?  Can the files be safely deleted at any time?



  • 2.  RE: Purpose of temp\buffer
    Best Answer

    Trusted Advisor
    Posted Sep 28, 2016 02:19 AM

    Hello,

    Have a look at this article, which describes the content in the temp folder:

    https://support.symantec.com/en_US/article.TECH221428.html

    Usually this content could be safely deleted, especially if the file has been there for a long time.

    You may also raise this with your security team (or Symantec support / sales rep), as this directory is usually excluded from DLP analysis, so this could be a way to hide it.

    Regards.



  • 3.  RE: Purpose of temp\buffer

    Posted Sep 29, 2016 12:45 PM

    Thanks for the link to the article.  DLP does exclude this directory; SEP found the malware. I was just wondering what was generating the data in the temp\buffer folder (i.e. was this something DLP found on an endpoint and was temporarily storing in the buffer before the incident was generated, etc.).



  • 4.  RE: Purpose of temp\buffer

    Posted Oct 14, 2016 10:12 AM

    We're running into the same issue where SEP is finding the malware in this temp\buffer location. Has anyone gotten a response from Symantec regarding this?