I have a Windows 2003 SP2 server running Symantec Endpoint Protection 11.0.2010.25. I am getting a ton of virus alerts from shadow copy directories.
Trojan Horse found in file: \Device\HardDisk\VolumeShadowCopy9\Documents and settings\m28098\Local Settings\Temp\DWHFF66.tmp. Quarantine failed: Access Denied. The file was left unchanged.
So I'm getting a ton of these with various temp files.
I'm also getting it in:
\Device\Harddisk\VolumeShadowcopy8\documents and settings\all users\application data\ symantec\symantec antivirus corporate edition\7.5\xfer\49e4be7e.tmp. clean succeeded.
I believe that directory is a shadow copy of the quarantine. There are tons of detections on various temp files in that directory as well.
I'm not sure how to deal with this. I've had the user dump the quarantine, but the detections keep coming.