Endpoint Protection

I recently installed a new remote SEPM server as distributed logging and sylink mover has worked great with the machines. Except one. It's a managed client but eicar tests wouldnt be reported to the SEPM. I ran the SylinkMonitor and found that for <PrepareEventLog> it ERR and couldnt prepare the log in C:\TEMP\ to send to SEPM. The reason was the folder was encrypted. Unencrypted the folder, Problem solved.

BUT - I need to better control SMC as to where it put's temporary data since I can't always control what our developers are doing for production machines.

How can I tell the client to use D:\Program Files\Symantec\Symantec Endpoint Protection\TEMP\ instead of it's default of C:\TEMP\? I cant find any reference in the registry for defining it nor any setting in SEPM. Does anyone know where this can be changed?

Thanks,

Ed

I dont think it can be changed..did u try changing the profile temp file,i think its using that.

Hello Ed,

Try changing system variables as per Microsoft KB

http://support.microsoft.com/kb/310519

Hope this will give you a better understanding. You can create a variable here and point it to D:\Program Files\Symantec\Symantec Endpoint Protection\TEMP\

You can change the system variable for the machine but after all the temp files will go to new directory that wont be a good Idea as if you remove SEP it can corrupt too many things

Thanks folks. I did find the M$ variables I could change but that's too broad. I need this to be strictly SEP client related.

I may have to go with the interactive client install and reinstall all the clients, there's less than 100, and if it's on D:, will likely use D:\TEMP, which will suit me well enough.

Thanks for the replies,

Ed

Hello ,

During creation of pacakge you can define the path and then try one test machine

Change the default path from c:temp to drive:/ and the location that you wish too

by changing environment variables in system properties under Advanced to D:\TEMP but before create TEMP folder in D: