Hi,
Here is our latest observation and the way to reproduce the problem in exact way. We have created a brand new VM and got the following installed:
Windows 7 SP1 Enterprise
Symantec Endpoint Protection 12.1.6
Symantec Encryption Desktop 10.3.2
A bat file which generates a eicar text file
After the computer startup, we have discovered that SED/PGP pgpfsd.exe (File Sharing Daemon) will also be activated. If a virus is being detected (say eicar.com generated by my .bat file) in the computer desktop, SEP will get it cleaned resulting in an empty file. However, we don't know why pgpfsd.exe will also get access to that file at the same time, resulting in an orphaned file handle left in NT Kernel (PID = 4). The Detection Results window did not displayed also. After that, the system become very unstable and SEP will not respond to eicar.bat files and the system cannot be shut down normally because of that outstanding file handle still remains.
After a restart, if we kill the pgpfsd.exe process through the task manager before invoking my .bat file, the issue will be disappeared and SEP will detect the eicar file generated and show the Detection Results window. We tried to generate eicar files many times and got no errors after that..
So, we think that there is an issue relating to pgpfsd.exe file. And since we have created the environment from scratch other than the said programs, it clearly showed that there is incompatibility or even security risks with the latest Endpoint Protection and Encryption Desktop. If any Symantec staff sees this post, please try to reproduce the steps and get it fix. We have used Symantec products for many years and trusted its Anti Virus. And we are so surprised that Symantec's own products Encryption Desktop will kill its Endpoint Protection accuracy and credibility.