I recently installed a new remote SEPM server as distributed logging and sylink mover has worked great with the machines. Except one. It's a managed client but eicar tests wouldnt be reported to the SEPM. I ran the SylinkMonitor and found that for <PrepareEventLog> it ERR and couldnt prepare the log in C:\TEMP\ to send to SEPM. The reason was the folder was encrypted. Unencrypted the folder, Problem solved.
BUT - I need to better control SMC as to where it put's temporary data since I can't always control what our developers are doing for production machines.
How can I tell the client to use D:\Program Files\Symantec\Symantec Endpoint Protection\TEMP\ instead of it's default of C:\TEMP\? I cant find any reference in the registry for defining it nor any setting in SEPM. Does anyone know where this can be changed?
Thanks,
Ed