Sudden increase in quarantined viruses and trojans?
Created: 22 Jan 2013 | 8 comments
Hi,
Can anyone please assist me with what to do? From what I have read, the DefWatch Wizard (defwatch.exe and Dwhwizrd.exe) most likely generates the DWH files. After virus definitions are downloaded, DefWatch is supposed to detect out-of-date virus definitions. During the process, quarantined threats are pulled out of the holding area and placed in a temp folder for scanning by Auto protection and DefWatch. When that occurs, the Symantec scanning engine detects those versions of the previously quarantined files and the cycle keeps repeating itself?
FYI: I'm using SEP 12.1 RU2 already.
Here's the screenshot that I got when I went to the C:\ProgramData\Symantec\DefWatch.DWH directory to delete the files.
Suddenly the files are gone?
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Hi,
If it is still not fixed in SEP 12.1 RU2, you can create a case with the Symantec Technical Support Team.
How to create a new case in MySymantec (formerly MySupport)
http://www.symantec.com/docs/TECH58873
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
Check this thread on a problem that is not fixed:
https://www-secure.symantec.com/connect/forums/sta...
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Looks like the DWH temp file issue again.
You can open a case.
Or there is a workaround, not a fix:
Open up your AV policy.
Select the Quarantine tab.
On the General tab under "When New Definitions Arrive" set it to "Do Nothing".
This should stop the alerts.
SEP Knowledge Base
Endpoint SWAT
Thanks Brian,
but then the DWH temp. will still be reported in the SEPM monitoring console?
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
No, that is the workaround. It should stop showing up.
SEP Knowledge Base
Endpoint SWAT
Hello,
Check this Article:
tmp file (DWH*****.tmp) detected as Trojan.Gen or Trojan.Gen.2 by Corp products
http://www.symantec.com/business/support/index?page=content&id=TECH102953
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hah!?? Doesn't sound or look too good...
Try the steps provided by Brian... I remember it's from somewhere in the KB.
You can also exclude the DefWatch.DWH folder from these detections - SEP main UI - Change Settings - Exceptions.