Endpoint Protection

 View Only

  • 1.  Sudden increase in quarantined viruses and trojans ?

    Posted Jan 22, 2013 11:26 PM

     

    Hi,

    Can anyone please assist me what to do, because from what I have read, the DefWatch Wizard (defwatch.exe and Dwhwizrd.exe) most likely generates the DWH files. After virus definitions are downloaded, DefWatch is supposed to detect out-of-date virus definitions. During the process, quarantined threats are pulled out of the holding area and placed in a temp folder for scanning by Auto protection and DefWatch. When that occurs the Symantec scanning engine detects those versions of the previously quarantined files and the cycle keeps repeating itself ?

     

    FYI: I'm using SEP 12.1 RU2 already.



  • 2.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Jan 22, 2013 11:28 PM

    Here's the screenshot thatI got when I go to C:\ProgramData\Symantec\DefWatch.DWH directory to delete the files ?

    suddenly the files are gone ?



  • 3.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Jan 23, 2013 12:08 AM

     

    HI,

    If still not fixed in SEP 12.1 RU2

     

    You can create a Case with Symantec Technical Support Team.

    How to create a new case in MySymantec (formerly MySupport)

    http://www.symantec.com/docs/TECH58873

    Regional Support Telephone Numbers:

    United States: https://support.broadcom.com (407-357-7600 from outside the United States)

    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

    United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Check this thread one of problem not fixed

    https://www-secure.symantec.com/connect/forums/statement-fixed-notes-may-incorrect

     



  • 4.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Jan 23, 2013 08:08 AM

    Looks like the DWH temp file issue again

    You can open a case

    Or there is a workaround, not a fix

    Open up your AV policy

    Select the Quarantine tab

    On the General tab under "When New Definitions Arrive" set it to "Do Nothing"

    This should stop the alerts



  • 5.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Jan 23, 2013 08:37 PM

    Thanks Brian,

    but then the DWH temp. will still be reported in the SEPM monitoring console ?



  • 6.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Jan 23, 2013 09:28 PM

    No, that is the workaround. It should stop showing up



  • 7.  RE: Sudden increase in quarantined viruses and trojans ?

    Trusted Advisor
    Posted Jan 24, 2013 07:53 AM

    Hello,

    Check this Article:

    tmp file (DWH*****.tmp) detected as  Trojan.Gen or Trojan.Gen.2 by Corp products 

    http://www.symantec.com/business/support/index?page=content&id=TECH102953

    Hope that helps!!



  • 8.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Jan 24, 2013 10:42 PM

    Hah!?? Doesn't sound and looks too good...

     

    Try the steps provided by Brian...i remember it's somewhere from KB



  • 9.  RE: Sudden increase in quarantined viruses and trojans ?

    Posted Feb 06, 2013 11:05 AM

    You can also exclude the DefWatch.DWH folder from these detections - SEP main UI - Change Settings - Exceptions.