Endpoint Protection

 View Only

  • 1.  SEP SBE Finding 1000s of .tmp files in Quarantine

    Posted May 27, 2016 01:16 PM

    Hello

    This morning our fileserver(server 2012 R2) started finding tons of files it wants to quarantine in the symantec directory

    C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\SRTSP\Quarantine\APQ6439.tmp

    They are all Detected As:Trojan.Gen

    All the files have random filenames like APQ9A4D.tmp and APQ7F31.tmp

    At the rate its going it seems to find 1 new files every minute.

    Anyone else run into this problem or have any ideas on how to stop or fix it?

    Thanks

    Chris

     

     



  • 2.  RE: SEP SBE Finding 1000s of .tmp files in Quarantine

    Posted May 27, 2016 01:18 PM

    It's a known issue and has been for quite a long time. See this articlde for workaround and deleting quarantine contents.

    http://www.symantec.com/docs/TECH102953



  • 3.  RE: SEP SBE Finding 1000s of .tmp files in Quarantine

    Posted May 27, 2016 01:52 PM

    Thanks Brian

    Pretty sure that link solved the problem for me. Our new MSP installed ESET on the fileserver next to SEP. That link says that
    "However, if a third-party process accesses that file while it is being created  the Symantec Endpoint Protection Auto-Protect function will intercept this file access and will declare the file as untrusted because another process, possibly malicious, had accessed the file."

    I believe it was scanning the file as SEP was using it. 

    I have to wait until the end of the business day and I will uninstall and see if that fixes the problem.

    Thanks
    Chris