SAV Access Denied for "C:\System Volume Information"?
Hello Everyone-
I've got a question that's kinda bugging me. I've recently become the administrator for a Symantec corporate antivirus setup, running SAV 10. I've run across this error message:
Scan type: Auto-Protect Scan
Event: Risk Found!
Risk: AngryIPScanner
File: C:\System Volume Information\_restore{B4BFB1DE-A18D-4EEA-BFFA-077027462EF2}\RP18\A0012341.exe
Location: C:\System Volume Information\_restore{B4BFB1DE-A18D-4EEA-BFFA-077027462EF2}\RP18
Computer: LQ1-052
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Friday, September 18, 2009 5:56:22 PM
Followed up a few seconds later by the same message, but with this:
Action taken: Quarantine failed : Leave Alone failed : Access denied
Now, as an administrator, I don't really want SAV to bork whenever it comes across a file that's in the System Restore section. Is there a way to check what permissions the SAV client runs as? I suspect it's running without the ability to access that part of the system. Is this correct? Is this even anything I should be worrying about?
I'm attempting to begin a process of taking away admin rights from desktops and users and try to secure up our systems. This message is showing up on my newly-restricted desktop box.
Thanks!
Comments
Title: 'Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder'
Document ID: 2002011610560348
Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002011610560348?Open&seg=ent
David-
Yes, that will fix the problem for this time, but it doesn't fix the problem permanently. If a virus or "hacktool" gets into the System Volume Information folder in the future, I'd have to manually do this again. I don't want to do that, I want to fix / set this up so that it is automatically resolved in the future.
That's why I feel it may be a permissions problem.
Thoughts?
Info
Greetings,
Here's a document on editing permissions of this folder, I cannot suggest that you follow through with this however:
http://support.microsoft.com/kb/309531
I believe for Symantec to scan inside of this directory you would need System with Full Control. This is unsupported so I might not be 100% correct with the System account. You could try adding Authenticated Users as Full Control and/or Administrator if the user is a local admin if System does not allow you in there.
Remote Product Specialist, Business Critical Services, Symantec
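A read-only way to check the two things raised in this thread, which account the SAV services run as and whether SYSTEM holds Full Control on the folder, is sketched below. This is an added example, not code from any poster or from Symantec; it assumes Windows PowerShell at an elevated prompt and that the SAV services have display names starting with "Symantec".

```powershell
# Added example (read-only): reports accounts and ACL entries, changes nothing.
# Assumption: the SAV services have display names starting with "Symantec".
$folder = 'C:\System Volume Information'

# 1. Find the Symantec services; StartName is the account each one logs on as.
$services = @(Get-WmiObject -Class Win32_Service |
    Where-Object { $_.DisplayName -like 'Symantec*' })
if ($services.Count -eq 0) {
    Write-Warning 'No service with a display name starting with "Symantec" was found.'
    return
}

# 2. Read the folder ACL with identities as SIDs, so the check does not
#    depend on the localized name of the SYSTEM account.
try {
    $acl = Get-Acl -Path $folder -ErrorAction Stop
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
} catch {
    $reason = $_.Exception.Message
    Write-Warning "Cannot read the ACL on '$folder' as ${env:USERNAME}: $reason"
    return
}

# 3. Look for an Allow entry granting Full Control to S-1-5-18 (LocalSystem).
$full = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$systemFull = @($rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-18' -and
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights) -band $full) -eq $full
})

# 4. One row per service: the logon account next to the folder ACL finding.
foreach ($svc in $services) {
    New-Object PSObject -Property @{
        Service              = $svc.Name
        RunsAs               = $svc.StartName
        RunsAsLocalSystem    = ($svc.StartName -eq 'LocalSystem')
        SystemHasFullControl = ($systemFull.Count -gt 0)
    }
}
```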