
Question about attachments

Created: 13 May 2013 • Updated: 13 May 2013 | 7 comments
This issue has been solved. See solution.

Hi there,

Our virus scanner detected an infected file in one of the EV_CVT_Temp_ folders. This file was moved immediately to the quarantine by the scanner software. If I am correct, these CVT_Temp folders are used for archiving as well as for manual archiving.

My question is whether I have any chance to find out which of our users has archived this infected file. I checked all available EV logs but could not find any username or file.

Is there probably a chance to find out something in the EV DBs? Unfortunately we are not using Journaling.

EV version is 10.01 and we are running Exchange 2010.

Regards


Rob.Wilcox's picture

First of all, which folder *exactly* is it you are referring to?

Secondly, chances are it's NOT an infected file, but shows 'signatures' that are similar to a virus, but really, they're not. Antivirus gets confused. This technote might help:

http://www.symantec.com/business/support/index?page=content&id=TECH48856

Contonso's picture

Hi,

Thanks for the reply. We are using Symantec Endpoint Protection and it detected the file as a Trojan.Gen.

It is folder EV_CVT_Temp_2.

Regards

Rob.Wilcox's picture

Okay that's a super-generic detection, as I said, it's not a virus.  I'd bet good money on it.

Where is that folder located? The full path I mean.

SOLUTION
Contonso's picture

The Full path is: C:\Users\evltadmin\AppData\Local\Temp\EV_CVT_Temp_2

Rob.Wilcox's picture

Okay, well %temp% for the Vault Service Account should be excluded from AV scanning.

Contonso's picture

I have just done this already.

Many Thanks

Regards,

Contonso