
Sudden increase in quarantined viruses and trojans?

Created: 22 Jan 2013 | 8 comments

 

Hi,

Can anyone please assist me with what to do? From what I have read, the DefWatch Wizard (defwatch.exe and Dwhwizrd.exe) most likely generates the DWH files. After virus definitions are downloaded, DefWatch is supposed to detect out-of-date virus definitions. During the process, quarantined threats are pulled out of the holding area and placed in a temp folder for scanning by Auto protection and DefWatch. When that occurs, the Symantec scanning engine detects those versions of the previously quarantined files, and the cycle keeps repeating itself?

 

FYI: I'm using SEP 12.1 RU2 already.


John Santana's picture

Here's the screenshot that I got when I go to the C:\ProgramData\Symantec\DefWatch.DWH directory to delete the files?

Suddenly the files are gone?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Ashish-Sharma's picture

 

Hi,

If it is still not fixed in SEP 12.1 RU2, you can create a case with the Symantec Technical Support Team.

How to create a new case in MySymantec (formerly MySupport)

http://www.symantec.com/docs/TECH58873

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)

Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Check this thread, in which the problem was not fixed:

https://www-secure.symantec.com/connect/forums/sta...

 

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

Looks like the DWH temp file issue again

You can open a case

Or there is a workaround, not a fix

Open up your AV policy

Select the Quarantine tab

On the General tab under "When New Definitions Arrive" set it to "Do Nothing"

This should stop the alerts

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Thanks Brian,

But then the DWH temp. will still be reported in the SEPM monitoring console?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

No, that is the workaround. It should stop showing up

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Check this Article:

tmp file (DWH*****.tmp) detected as Trojan.Gen or Trojan.Gen.2 by Corp products

http://www.symantec.com/business/support/index?page=content&id=TECH102953

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000's picture

Hah!?? Doesn't sound or look too good...

Try the steps provided by Brian... I remember it's somewhere in the KB.

jim shock's picture

You can also exclude the DefWatch.DWH folder from these detections - SEP main UI - Change Settings - Exceptions.