Endpoint Protection

Symantec Endpoint Protection 11.0.3001.2224
Windows XP Pro V2002 (5.1.2600 SP3)
My small laptop-harddisk is being flooded by 3 gigabyte-large files in directory C:\
- t14s.1   2.498 MB   2011-04-27
- t16k.1   2.095 MB   2011-10-17
- t188.1   8.115 MB   2012-10-15 = 6 hours ago.
- t14s.2       0 MB   2011-04-27
- t16k.2       0 MB   2011-10-17

What are these files - can they be deleted ?

I have in other forums (googling "Symantec ... large files ...") seen large-file-problems described, but

they all relate to large files in subdirectories ("... common ..." and "... Documents and Settings ...").

My large files contain some text like "Symantec Management Client has been started", so the files ARE

related to Symantec.

I hope someone can help.
Thanks in advance.

Well first off, you are on a very old version (4th release of 11.x), latest is RU7 MP2. I would highly suggest upgrading as thousands of fixes have been made since this version. 

You need to upgrade to RU7 first, than  go to RU7 MP2:

Supported migration paths to 11.0.7000.975 (RU7)

http://www.symantec.com/business/support/index?page=content&id=TECH165167

or

You can upgrade to 12.1

Supported Upgrade paths to Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH163514

General supported migration paths for Symantec Endpoint Protection Manager (SEPM) / Symantec Endpoint Protection (SEP) - Terminology used in acronyms

http://www.symantec.com/business/support/index?page=content&id=TECH171037

Thanks Brian81 for your advice.

My problem is, that the laptop is a very old company-pc, which I was allowed to keep when I went on a pension.

So - to upgrade the security-software is not possible (except by using LiveUpdate), since I do not have administrator privileges to interfere with the original "primary software" and do not have access to the original software licence numbers.

Shall I "just give up" and thrash the pc - I would hate to do that.

Hope there is a better solution - like just deleting the offending files - otherwise I will have to uninstall Symantec and install a free AntiVirus program.

It sounds like it might be bad virus defs, which you can clear manually. However, would need to know exact paths in order to determine what those files may be.

See if this helps:

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

http://www.symantec.com/business/support/index?page=content&id=TECH103176

Hi again,

The 5 files listed in my first entry are located directly in C:\ like this:

-  C:\t14s.1

The other 4 files are located likewise directly in C:\

That seems to be quite strange, can the be just "dump files" ?

Those don't appear to be related to Symantec. I'm not sure what they could be other than they don't seem to be related to SEP. 

You can probably delete them. Are your virus defs up to date and have you run a scan recently? Being that large I don't think they would be virus related. 

Hi again,

My virus defs are up to date - I run liveupdate each time I have started the pc, also yesterday afternoon. And immediately after that the file "t188.1" seems to have been created - it is date-stamped yesterday afternoon.

I have not run a Symantec virus scan the last couple of weeks, but a "Malwarebytes Anti-Malware" scan (after  the problem arose) was clean.

I will now run a Symantec total scan, while I go to sleep (it is 1 AM at night here in Denmark).

Thanks a lot for your help.

I will return to this subject tomorrow, when the scan is finished. 

Not sure what the files are. I would say to delete them but I'm not sure what else may be affected. 

Hi again,

I have now run Symantec scans, first an Active Scan and then a Full Scan.

Both scans show the pc to be absolutely clean - the scan result showed no comments on anything.

Now I'll try to delete one of the files.

Those files seems to be independant of SEP. Although you are on an old version, I don't think they're related and can be deleted.

Hi,

You mentioned that the files seems to appear a short time after LiveUpdate does his updates.

As it's an old version, I'm not 100% sure because it's slightly different on more earlier version but I suspect it's coming from scans done automatically after the last definitions are getting updated.

Basically they have a different extension than that (.VBN for example) but maybe on this old version, the extension wasn't the same as it's older version so it's an older scan engine and encryption system used.

When a scan is running and there were some other tasks running on the machine that might create a conflict in order to complete correctly the scan to the end or in order to prevent a crash of the system, the scan stops and then you could have some big temporary files created when it occurs.

It is created in order that when another scan occurs, it tries to run it back from when it has been cancelled or stopped and when the scan is able to run from when it has been stopped then this file is automatically purged.

In some situations, this type of file might not be purged automatically when the scan is not able to run from when it has been stopped for example.

So basically if you delete these files, I don't think that it will provoke any issues with your SEP clients and your machine.

Kind Regards,

A. Wesker

Thanks to both of you,

Have now deleted the files manually, that freed 12 GB on the HD.

No ill effects, everything works fine, including Symantec.

This thread is now finished - problem solved.

Best wishes,

Erling Møldrup

Glad it's fixed. Please don't forget to mark whichever thread helped as solved.